[PATCH] spl: Convert SYS_MMCSD_RAW_MODE_KERNEL_SECTOR to Kconfig

2021-12-30 Thread Alexandru Gagniuc
Falcon mode is very useful in improving boot speed. A question that
Falcon mode asks is "Where do I look for the kernel". With MMC boot
media, the correct answer is CONFIG_SYS_MMCSD_RAW_MODE_KERNEL_SECTOR.
The scope of this patch is to move this to Kconfig.

It is possible for a system to support Falcon mode from NOR but not
MMC. In that case, mmc_load_image_raw_os() would not be used. To
address this, conditionally compile mmc_load_image_raw_os() when
SPL_FALCON_BOOT_MMCSD is enabled, instead of SPL_OS_BOOT.

Signed-off-by: Alexandru Gagniuc 
---

This is designed to apply on top of next:
111a8b5735 (origin/next) Merge branch '2021-12-27-CONFIG-migrations' into next


 README|  4 
 common/spl/Kconfig| 16 
 common/spl/spl_mmc.c  |  2 +-
 configs/am335x_boneblack_vboot_defconfig  |  2 ++
 configs/am335x_evm_defconfig  |  2 ++
 configs/am335x_igep003x_defconfig |  2 ++
 configs/am335x_shc_defconfig  |  2 ++
 configs/am335x_shc_ict_defconfig  |  2 ++
 configs/am335x_shc_netboot_defconfig  |  2 ++
 configs/am335x_shc_sdboot_defconfig   |  2 ++
 configs/am335x_sl50_defconfig |  2 ++
 configs/am3517_evm_defconfig  |  2 ++
 configs/am43xx_evm_defconfig  |  2 ++
 configs/am43xx_evm_rtconly_defconfig  |  2 ++
 configs/am43xx_evm_usbhost_boot_defconfig |  2 ++
 configs/am57xx_evm_defconfig  |  2 ++
 configs/devkit8000_defconfig  |  2 ++
 configs/display5_defconfig|  2 ++
 configs/display5_factory_defconfig|  2 ++
 configs/dra7xx_evm_defconfig  |  2 ++
 configs/gwventana_emmc_defconfig  |  2 ++
 configs/gwventana_gw5904_defconfig|  2 ++
 configs/gwventana_nand_defconfig  |  2 ++
 configs/igep00x0_defconfig|  2 ++
 configs/imx6dl_mamoj_defconfig|  2 ++
 configs/imx6q_logic_defconfig |  2 ++
 configs/omap35_logic_defconfig|  2 ++
 configs/omap35_logic_somlv_defconfig  |  2 ++
 configs/omap3_logic_defconfig |  2 ++
 configs/omap3_logic_somlv_defconfig   |  2 ++
 configs/omap4_panda_defconfig |  2 ++
 configs/omap5_uevm_defconfig  |  2 ++
 include/configs/brppt1.h  |  1 -
 include/configs/devkit8000.h  |  2 --
 include/configs/display5.h|  1 -
 include/configs/embestmx6boards.h |  1 -
 include/configs/gw_ventana.h  |  1 -
 include/configs/imx6-engicam.h|  1 -
 include/configs/imx6_logic.h  |  1 -
 include/configs/imx6dl-mamoj.h|  1 -
 include/configs/ls1043ardb.h  |  1 -
 include/configs/mccmon6.h |  1 -
 include/configs/mx6sabreauto.h|  1 -
 include/configs/mx6sabresd.h  |  1 -
 include/configs/pico-imx6.h   |  1 -
 include/configs/pico-imx6ul.h |  1 -
 include/configs/pico-imx7d.h  |  1 -
 include/configs/sama5d3_xplained.h|  1 -
 include/configs/ti_armv7_common.h |  1 -
 include/configs/vyasa-rk3288.h|  1 -
 include/configs/xea.h |  1 -
 include/configs/xilinx_zynqmp.h   |  1 -
 include/configs/zynq-common.h |  1 -
 scripts/config_whitelist.txt  |  1 -
 54 files changed, 75 insertions(+), 28 deletions(-)

diff --git a/README b/README
index edf801e842..6463bfda03 100644
--- a/README
+++ b/README
@@ -1880,10 +1880,6 @@ The following options need to be configured:
CONFIG_SPL_INIT_MINIMAL
Arch init code should be built for a very small image

-   CONFIG_SYS_MMCSD_RAW_MODE_KERNEL_SECTOR
-   Sector to load kernel uImage from when MMC is being
-   used in raw mode (for Falcon mode)
-
CONFIG_SYS_MMCSD_RAW_MODE_ARGS_SECTOR,
CONFIG_SYS_MMCSD_RAW_MODE_ARGS_SECTORS
Sector and number of sectors to load kernel argument
diff --git a/common/spl/Kconfig b/common/spl/Kconfig
index 4a739a7421..e0d0a6f77b 100644
--- a/common/spl/Kconfig
+++ b/common/spl/Kconfig
@@ -919,6 +919,22 @@ config SYS_OS_BASE

 endif # SPL_OS_BOOT

+config SPL_FALCON_BOOT_MMCSD
+   bool "Enable Falcon boot from MMC or SD media"
+   depends on SPL_OS_BOOT && SPL_MMC
+   help
+ Select this if the Falcon mode OS image mode is on MMC or SD media.
+
+config SYS_MMCSD_RAW_MODE_KERNEL_SECTOR
+   hex "Falcon mode: Sector to load kernel uImage from MMC"
+   depends on SPL_FALCON_BOOT_MMCSD
+   help
+ When Falcon mode is used with an MMC or SD media, SPL needs to know
+ where to look for the kernel uImage. The image is expected to begin
+ at the raw MMC specified in this config.
+ Note that the Falcon mode image can also be a FIT, if FIT s

[PATCH v3 13/13] ARM: dts: stm32mp: dts: Don't remove OPTEE nodes for DK2 boards

2021-10-08 Thread Alexandru Gagniuc
To prepare for an OP-TEE payload, the spl_board_prepare_for_optee()
handler of STM32MP calls stm32_init_tzc_for_optee(), which will
panic(). The reason for the panic is a failure to locate a valid
"/reserved-memory/optee" node in the devicetree.

This all occurs in SPL, so re-add the OP-TEE memory nodes to the
SPL devicetree.

Signed-off-by: Alexandru Gagniuc 
---
 arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi 
b/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
index fb60549f4d..fe347377ba 100644
--- a/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
+++ b/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
@@ -27,10 +27,7 @@
config {
u-boot,mmc-env-partition = "ssbl";
};
-#endif
 
-#ifdef CONFIG_STM32MP15x_STM32IMAGE
-   /* only needed for boot with TF-A, witout FIP support */
firmware {
optee {
compatible = "linaro,optee-tz";
-- 
2.31.1



[PATCH v3 12/13] stm32mp1: spl: Copy optee nodes to target FDT for OP-TEE payloads

2021-10-08 Thread Alexandru Gagniuc
OP-TEE does not take a devicetree for its own use. However, it does
pass the devicetree to the normal world OS. In most cases that will
be some other devicetree-bearing platform, such as linux.

OP-TEE is capable of patching the devicetree and adding the required
"/firmware" and "/reserved-memory" nodes. Not all OP-TEE
configurations do so, and it would need to be explicitly enabled
(CFG_DT=y). There is a measurable boot time penalty to enabling this
feature, and sometimes it is preferable to do it in SPL for this
exact reason.

As such, there are cases where it is required to copy the optee nodes
to the target's FDT. Do this as part of spl_board_prepare_for_optee().

Signed-off-by: Alexandru Gagniuc 
---
 arch/arm/mach-stm32mp/spl.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/arm/mach-stm32mp/spl.c b/arch/arm/mach-stm32mp/spl.c
index d9fdc5926c..94fbb45cf9 100644
--- a/arch/arm/mach-stm32mp/spl.c
+++ b/arch/arm/mach-stm32mp/spl.c
@@ -19,6 +19,7 @@
 #include 
 #include 
 #include 
+#include 
 
 u32 spl_boot_device(void)
 {
@@ -182,6 +183,7 @@ void stm32_init_tzc_for_optee(void)
 void spl_board_prepare_for_optee(void *fdt)
 {
stm32_fdt_setup_mac_addr(fdt);
+   optee_copy_fdt_nodes(fdt);
stm32_init_tzc_for_optee();
 }
 
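Review bot: The return value of `optee_copy_fdt_nodes(fdt)` is discarded in `spl_board_prepare_for_optee()`, as is that of `stm32_fdt_setup_mac_addr(fdt)` on the line above it. If the copy fails, the target FDT presumably reaches the normal-world OS without the "/firmware" and "/reserved-memory" nodes that the commit message describes as required, and nothing is reported. Assuming the helper returns a status code, check it and at least log the failure, e.g. `if (optee_copy_fdt_nodes(fdt)) pr_warn("%s: could not copy OP-TEE nodes to target FDT\n", __func__);`. Whether a failure should stop the boot instead is a policy decision for a secure-boot flow and deserves a comment either way.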
-- 
2.31.1



[PATCH v3 11/13] ARM: dts: stm32mp: Add OP-TEE "/firmware" node to SPL dtb

2021-10-08 Thread Alexandru Gagniuc
The optee "/firmware" node is normally used to load the OP-TEE driver.
SPL does not use it this way, but instead uses it to patch the kernel
devicetree when booting OP-TEE. This seems weird, as OP-TEE -- which
would run after SPL -- is capable of patching the devicetree and
adding the required "/firmware" and "/reserved-memory" nodes.

However, OP-TEE's devicetree patching (CFG_DT=y) comes with a
significant boot time penalty. Measurements put it between 700 to 1800
milliseconds. SPL can also do this patching, without incurring a
measurable increase in boot time. This is the use case for falcon
mode, which is the main reason to launch OP-TEE from SPL.

Although some OP-TEE configurations do not require any pre-patching of
the devicetree, there are good use cases for doing so. As for
concerns about adding the nodes twice, OP-TEE will not add the node if
it already exists.

Add the "/firmware/optee" node to the SPL devicetree.

Signed-off-by: Alexandru Gagniuc 
---
 arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi 
b/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
index 629451e731..fb60549f4d 100644
--- a/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
+++ b/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
@@ -35,6 +35,7 @@
optee {
compatible = "linaro,optee-tz";
method = "smc";
+   u-boot,dm-spl;
};
};
 
-- 
2.31.1



[PATCH v3 10/13] lib: Makefile: Make optee library available in SPL

2021-10-08 Thread Alexandru Gagniuc
We want the optee_copy_fdt_nodes symbols in SPL. This is for cases
when booting an OPTEE payload directly.

Signed-off-by: Alexandru Gagniuc 
---
 lib/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/Makefile b/lib/Makefile
index 962470f496..c7dc217e2b 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -16,7 +16,6 @@ obj-$(CONFIG_FIT) += libfdt/
 obj-$(CONFIG_OF_LIVE) += of_live.o
 obj-$(CONFIG_CMD_DHRYSTONE) += dhry/
 obj-$(CONFIG_ARCH_AT91) += at91/
-obj-$(CONFIG_OPTEE_LIB) += optee/
 obj-$(CONFIG_ASN1_DECODER) += asn1_decoder.o
 obj-y += crypto/
 
@@ -50,6 +49,7 @@ obj-$(CONFIG_BITREVERSE) += bitrev.o
 obj-y += list_sort.o
 endif
 
+obj-$(CONFIG_OPTEE_LIB) += optee/
 obj-$(CONFIG_$(SPL_TPL_)TPM) += tpm-common.o
 ifeq ($(CONFIG_$(SPL_TPL_)TPM),y)
 obj-y += crc8.o
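Review bot: Moving `obj-$(CONFIG_OPTEE_LIB) += optee/` below the `endif` appears to build the whole optee library into SPL for every board that sets CONFIG_OPTEE_LIB, not only those that boot an OP-TEE payload from SPL. The matching conditional opens outside the hunk, so this is inferred. Size-constrained SPL builds would carry code they never call. Consider gating the SPL build on an SPL-scoped option in the style of the `CONFIG_$(SPL_TPL_)TPM` line that follows, and add a comment such as `# Also built for SPL: optee_copy_fdt_nodes() is needed when SPL boots OP-TEE directly`.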
-- 
2.31.1



[PATCH v3 02/13] spl: Move SYS_MMCSD_RAW_MODE_KERNEL_SECTOR to Kconfig

2021-10-08 Thread Alexandru Gagniuc
Although Falcon mode is very useful in improving boot speed, its
implementation is quite antiquated. A question that Falcon mode asks
is "Where do I look for the kernel". With MMC boot media, the correct
answer is CONFIG_SYS_MMCSD_RAW_MODE_KERNEL_SECTOR.

There are a few things to be said about the wisdom of using a raw
sector as opposed to more elegant schemes. However, changing how
falcon mode works is beyond the scope of this change.

The predicate to enable mmc_load_image_raw_os() is changed from
SPL_OS_BOOT to SPL_FALCON_BOOT_MMCSD. It is possible for a system to
support Falcon mode from NOR but not MMC. In that case, it doesn't
make sense to have mmc_load_image_raw_os().

Signed-off-by: Alexandru Gagniuc 
---
 README|  4 
 common/spl/Kconfig| 16 
 common/spl/spl_mmc.c  |  2 +-
 configs/am335x_boneblack_vboot_defconfig  |  2 ++
 configs/am335x_evm_defconfig  |  2 ++
 configs/am335x_igep003x_defconfig |  2 ++
 configs/am335x_shc_defconfig  |  2 ++
 configs/am335x_shc_ict_defconfig  |  2 ++
 configs/am335x_shc_netboot_defconfig  |  2 ++
 configs/am335x_shc_sdboot_defconfig   |  2 ++
 configs/am335x_sl50_defconfig |  2 ++
 configs/am3517_evm_defconfig  |  2 ++
 configs/am43xx_evm_defconfig  |  2 ++
 configs/am43xx_evm_rtconly_defconfig  |  2 ++
 configs/am43xx_evm_usbhost_boot_defconfig |  2 ++
 configs/am57xx_evm_defconfig  |  2 ++
 configs/devkit8000_defconfig  |  2 ++
 configs/display5_defconfig|  2 ++
 configs/display5_factory_defconfig|  2 ++
 configs/dra7xx_evm_defconfig  |  2 ++
 configs/gwventana_emmc_defconfig  |  2 ++
 configs/gwventana_gw5904_defconfig|  2 ++
 configs/gwventana_nand_defconfig  |  2 ++
 configs/igep00x0_defconfig|  2 ++
 configs/imx6dl_mamoj_defconfig|  2 ++
 configs/imx6q_logic_defconfig |  2 ++
 configs/omap35_logic_defconfig|  2 ++
 configs/omap35_logic_somlv_defconfig  |  2 ++
 configs/omap3_logic_defconfig |  2 ++
 configs/omap3_logic_somlv_defconfig   |  2 ++
 configs/omap4_panda_defconfig |  2 ++
 configs/omap5_uevm_defconfig  |  2 ++
 include/configs/brppt1.h  |  1 -
 include/configs/devkit8000.h  |  2 --
 include/configs/display5.h|  1 -
 include/configs/embestmx6boards.h |  1 -
 include/configs/gw_ventana.h  |  1 -
 include/configs/imx6-engicam.h|  1 -
 include/configs/imx6_logic.h  |  1 -
 include/configs/imx6dl-mamoj.h|  1 -
 include/configs/ls1043ardb.h  |  1 -
 include/configs/mccmon6.h |  1 -
 include/configs/mx6sabreauto.h|  1 -
 include/configs/mx6sabresd.h  |  1 -
 include/configs/pico-imx6.h   |  1 -
 include/configs/pico-imx6ul.h |  1 -
 include/configs/pico-imx7d.h  |  1 -
 include/configs/sama5d3_xplained.h|  1 -
 include/configs/tam3517-common.h  |  1 -
 include/configs/ti_armv7_common.h |  1 -
 include/configs/vyasa-rk3288.h|  1 -
 include/configs/xea.h |  1 -
 include/configs/xilinx_zynqmp.h   |  1 -
 include/configs/zynq-common.h |  1 -
 scripts/config_whitelist.txt  |  1 -
 55 files changed, 75 insertions(+), 29 deletions(-)

diff --git a/README b/README
index 840b192aae..7e33ad79ff 100644
--- a/README
+++ b/README
@@ -2020,10 +2020,6 @@ The following options need to be configured:
Partition on the MMC to load U-Boot from when the MMC is being
used in raw mode
 
-   CONFIG_SYS_MMCSD_RAW_MODE_KERNEL_SECTOR
-   Sector to load kernel uImage from when MMC is being
-   used in raw mode (for Falcon mode)
-
CONFIG_SYS_MMCSD_RAW_MODE_ARGS_SECTOR,
CONFIG_SYS_MMCSD_RAW_MODE_ARGS_SECTORS
Sector and number of sectors to load kernel argument
diff --git a/common/spl/Kconfig b/common/spl/Kconfig
index 8a8a971a91..39745a216f 100644
--- a/common/spl/Kconfig
+++ b/common/spl/Kconfig
@@ -918,6 +918,22 @@ config SYS_OS_BASE
 
 endif # SPL_OS_BOOT
 
+config SPL_FALCON_BOOT_MMCSD
+   bool "Enable Falcon boot from MMC or SD media"
+   depends on SPL_OS_BOOT && SPL_MMC
+   help
+ Select this if the Falcon mode OS image mode is on MMC or SD media.
+
+config SYS_MMCSD_RAW_MODE_KERNEL_SECTOR
+   hex "Falcon mode: Sector to load kernel uImage from MMC"
+   depends on SPL_FALCON_BOOT_MMCSD
+   help
+ When Falcon mode is used with an MMC or SD media, SPL needs to know
+ where to look for the kernel uImage. The image is expected to begin
+ a

[PATCH v3 09/13] stm32mp1: spl: Configure MAC address when booting OP-TEE

2021-10-08 Thread Alexandru Gagniuc
When OP-TEE is booted as the SPL payload, the stage after OP-TEE is
not guaranteed to be u-boot. Thus the FDT patching in u-boot is not
guaranteed to occur. Add this step to SPL.

The patching by stm32_fdt_setup_mac_addr() is done in SPL, and patches
the target FDT directly. This is different from
setup_mac_address(), which sets the "ethaddr" env variable, and does
not work in SPL.

An alternative way of setting the MAC is to patch the kernel's
devicetree to use the "nvmem-cells" property. This would depend on
the linux BSEC driver, which relies on an SMCC call. That call is
implemented only by TF-A, not by SPL. Thus linux will not be able to
read the MAC from OTP, and this alternative method will fail.

Changing the linux driver is not feasible if our goal is to support
the current linux LTS release (v5.14). Implementing the SMCC call
would require SPL finagling, and possibly carry security side-effects.

Thus, adding "mac-address" nodes to the kernel devicetree is the most
economical method in terms of lines of code and complexity.

Signed-off-by: Alexandru Gagniuc 
---
 arch/arm/mach-stm32mp/cpu.c   | 22 +++
 .../arm/mach-stm32mp/include/mach/sys_proto.h |  3 +++
 arch/arm/mach-stm32mp/spl.c   |  1 +
 3 files changed, 26 insertions(+)

diff --git a/arch/arm/mach-stm32mp/cpu.c b/arch/arm/mach-stm32mp/cpu.c
index 8727de513c..2b8b67bb40 100644
--- a/arch/arm/mach-stm32mp/cpu.c
+++ b/arch/arm/mach-stm32mp/cpu.c
@@ -10,6 +10,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -646,6 +647,27 @@ __weak int setup_mac_address(void)
return 0;
 }
 
+int stm32_fdt_setup_mac_addr(void *fdt)
+{
+   int ret;
+   uchar enetaddr[ARP_HLEN];
+
+   ret = stm32_read_otp_mac(enetaddr);
+   if (ret < 0)
+   return ret;
+
+   if (!is_valid_ethaddr(enetaddr)) {
+   printf("invalid MAC address in OTP\n");
+   return -EINVAL;
+   }
+
+   ret = fdt_ethernet_set_macaddr(fdt, 0, enetaddr);
+   if (ret)
+   debug("Failed to set mac address from OTP: %d\n", ret);
+
+   return ret;
+}
+
 static int setup_serial_number(void)
 {
char serial_string[25];
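Review bot: A failure of `fdt_ethernet_set_macaddr()` in `stm32_fdt_setup_mac_addr()` is reported only through `debug()`, and the caller added in the spl.c hunk of this patch ignores the return value, so a normal build hands over a kernel devicetree without the OTP MAC and says nothing. The invalid-OTP branch also uses `printf()` where `setup_mac_address()` in the same file uses `log_err()` with `%pM`. Suggest `log_err("invalid MAC address in OTP %pM\n", enetaddr);` and `log_err("Failed to set MAC address from OTP: %d\n", ret);` so both paths are visible and consistent.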
diff --git a/arch/arm/mach-stm32mp/include/mach/sys_proto.h 
b/arch/arm/mach-stm32mp/include/mach/sys_proto.h
index 4149d3a133..2d24cfee3f 100644
--- a/arch/arm/mach-stm32mp/include/mach/sys_proto.h
+++ b/arch/arm/mach-stm32mp/include/mach/sys_proto.h
@@ -47,7 +47,10 @@ void get_soc_name(char name[SOC_NAME_SIZE]);
 /* return boot mode */
 u32 get_bootmode(void);
 
+/* Set 'ethaddr' env variable with MAC from OTP (useful for u-boot proper) */
 int setup_mac_address(void);
+/* Patch the first 'ethernet' node of FDT with MAC from OTP (useful for SPL) */
+int stm32_fdt_setup_mac_addr(void *fdt);
 
 /* board power management : configure vddcore according OPP */
 void board_vddcore_init(u32 voltage_mv);
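Review bot: The new comment on `stm32_fdt_setup_mac_addr()` says it patches "the first 'ethernet' node", but the implementation in cpu.c calls `fdt_ethernet_set_macaddr(fdt, 0, enetaddr)`, and that helper's own header documentation says a given index is matched exactly against the alias name (here "ethernet0"). Suggest `/* Patch the node aliased as 'ethernet0' in FDT with MAC from OTP (useful for SPL) */`. It would also help to state that a negative error code is returned when the OTP value is invalid or the alias is missing, since the SPL caller currently ignores the result.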
diff --git a/arch/arm/mach-stm32mp/spl.c b/arch/arm/mach-stm32mp/spl.c
index 405eff68a3..d9fdc5926c 100644
--- a/arch/arm/mach-stm32mp/spl.c
+++ b/arch/arm/mach-stm32mp/spl.c
@@ -181,6 +181,7 @@ void stm32_init_tzc_for_optee(void)
 
 void spl_board_prepare_for_optee(void *fdt)
 {
+   stm32_fdt_setup_mac_addr(fdt);
stm32_init_tzc_for_optee();
 }
 
-- 
2.31.1



[PATCH v3 08/13] arm: stm32mp: Factor out reading MAC address from OTP

2021-10-08 Thread Alexandru Gagniuc
Move the reading of the OTP into a separate function. This is
required for a subsequent change which sets the MAC in SPL.

Signed-off-by: Alexandru Gagniuc 
---
 arch/arm/mach-stm32mp/cpu.c | 37 +++--
 1 file changed, 23 insertions(+), 14 deletions(-)

diff --git a/arch/arm/mach-stm32mp/cpu.c b/arch/arm/mach-stm32mp/cpu.c
index eb79f3ffd2..8727de513c 100644
--- a/arch/arm/mach-stm32mp/cpu.c
+++ b/arch/arm/mach-stm32mp/cpu.c
@@ -593,6 +593,28 @@ static void setup_boot_mode(void)
clrsetbits_le32(TAMP_BOOT_CONTEXT, TAMP_BOOT_FORCED_MASK, BOOT_NORMAL);
 }
 
+static int stm32_read_otp_mac(uint8_t enetaddr[ARP_HLEN])
+{
+   struct udevice *dev;
+   int ret, i;
+   u32 otp[2];
+
+   ret = uclass_get_device_by_driver(UCLASS_MISC,
+ DM_DRIVER_GET(stm32mp_bsec),
+ );
+   if (ret)
+   return ret;
+
+   ret = misc_read(dev, STM32_BSEC_SHADOW(BSEC_OTP_MAC), otp, sizeof(otp));
+   if (ret < 0)
+   return ret;
+
+   for (i = 0; i < ARP_HLEN; i++)
+   enetaddr[i] = ((uint8_t *))[i];
+
+   return 0;
+}
+
 /*
  * If there is no MAC address in the environment, then it will be initialized
  * (silently) from the value in the OTP.
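Review bot: `stm32_read_otp_mac()` copies ARP_HLEN bytes out of `otp[]` after checking only `ret < 0`, and `otp` is declared without an initialiser. If `misc_read()` can succeed while filling fewer than `sizeof(otp)` bytes (not visible here, so confirm against the BSEC driver), the tail of the MAC would come from uninitialised stack. Declaring `u32 otp[2] = { 0 };` makes that case deterministic, and a stricter check on the returned length would reject it outright. A one-line comment above the function stating that it returns 0 or a negative error and fills all ARP_HLEN bytes on success would document the contract the two callers rely on.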
@@ -601,29 +623,16 @@ __weak int setup_mac_address(void)
 {
 #if defined(CONFIG_NET)
int ret;
-   int i;
-   u32 otp[2];
uchar enetaddr[6];
-   struct udevice *dev;
 
/* MAC already in environment */
if (eth_env_get_enetaddr("ethaddr", enetaddr))
return 0;
 
-   ret = uclass_get_device_by_driver(UCLASS_MISC,
- DM_DRIVER_GET(stm32mp_bsec),
- );
-   if (ret)
-   return ret;
-
-   ret = misc_read(dev, STM32_BSEC_SHADOW(BSEC_OTP_MAC),
-   otp, sizeof(otp));
+   ret = stm32_read_otp_mac(enetaddr);
if (ret < 0)
return ret;
 
-   for (i = 0; i < 6; i++)
-   enetaddr[i] = ((uint8_t *))[i];
-
if (!is_valid_ethaddr(enetaddr)) {
log_err("invalid MAC address in OTP %pM\n", enetaddr);
return -EINVAL;
-- 
2.31.1



[PATCH v3 07/13] arm: stm32mp: bsec: Update OTP shadow registers in SPL

2021-10-08 Thread Alexandru Gagniuc
For TFABOOT and SPL_BUILD, stm32mp_bsec_probe() skipped updating the
OTP shadow registers. The idea is that we can't access BSEC from the
normal world. This is true with TFABOOT. However, in SPL, we are in
the secure world, so skipping probe is incorrect. In fact, SPL is not
even built when TFABOOT is selected.

Thus, do not skip this step for SPL_BUILD. Note that because SPL is
now doing this step, we no longer need to do it in u-boot. The new
logic is "let the FSBL do it", which is simpler.

Signed-off-by: Alexandru Gagniuc 
---
 arch/arm/mach-stm32mp/bsec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/arm/mach-stm32mp/bsec.c b/arch/arm/mach-stm32mp/bsec.c
index fe39bd80cf..41ed5f3cf5 100644
--- a/arch/arm/mach-stm32mp/bsec.c
+++ b/arch/arm/mach-stm32mp/bsec.c
@@ -503,10 +503,10 @@ static int stm32mp_bsec_probe(struct udevice *dev)
 
/*
 * update unlocked shadow for OTP cleared by the rom code
-* only executed in U-Boot proper when TF-A is not used
+* Executed only by FSBL (SPL or TF-A)
 */
 
-   if (!IS_ENABLED(CONFIG_TFABOOT) && !IS_ENABLED(CONFIG_SPL_BUILD)) {
+   if (IS_ENABLED(CONFIG_SPL_BUILD)) {
plat = dev_get_plat(dev);
 
for (otp = 57; otp <= BSEC_OTP_MAX_VALUE; otp++)
-- 
2.31.1



[PATCH v3 06/13] fdt_support: Implement fdt_ethernet_set_macaddr()

2021-10-08 Thread Alexandru Gagniuc
Oftentimes we have MAC address information stored in a ROM or OTP. The
way to add that to the FDT would be through the u-boot environment,
and then fdt_fixup_ethernet(). This is not very useful in SPL.

It would be more helpful to be able to "set interface x to MAC y".
This is where fdt_ethernet_set_macaddr() comes in. It is similar in
function to fdt_fixup_ethernet(), but only updates one interface,
without using the u-boot env, and without string processing.

Signed-off-by: Alexandru Gagniuc 
---
 common/fdt_support.c  | 30 ++
 include/fdt_support.h | 17 +
 2 files changed, 47 insertions(+)

diff --git a/common/fdt_support.c b/common/fdt_support.c
index 8992ac5d3f..1c43640cf7 100644
--- a/common/fdt_support.c
+++ b/common/fdt_support.c
@@ -610,6 +610,36 @@ void fdt_fixup_ethernet(void *fdt)
}
 }
 
+int fdt_ethernet_set_macaddr(void *fdt, int ethnum, const uint8_t *mac_addr)
+{
+   const char *path, *name;
+   int prop, aliases_node;
+   char eth_name[16] = "ethernet";
+
+   aliases_node = fdt_path_offset(fdt, "/aliases");
+   if (aliases_node < 0)
+   return aliases_node;
+
+   if (ethnum >= 0)
+   sprintf(eth_name, "ethernet%d", ethnum);
+
+   fdt_for_each_property_offset(prop, fdt, aliases_node) {
+   path = fdt_getprop_by_offset(fdt, prop, , NULL);
+   if (!strcmp(name, eth_name))
+   break;
+
+   path = NULL;
+   }
+
+   if (!path)
+   return -FDT_ERR_NOTFOUND;
+
+   do_fixup_by_path(fdt, path, "mac-address", mac_addr, 6, 0);
+   do_fixup_by_path(fdt, path, "local-mac-address", mac_addr, 6, 1);
+
+   return 0;
+}
+
 int fdt_record_loadable(void *blob, u32 index, const char *name,
uintptr_t load_addr, u32 size, uintptr_t entry_point,
const char *type, const char *os, const char *arch)
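Review bot: `path` is read by `if (!path)` without ever being assigned when "/aliases" has no properties, because it is declared without an initialiser and only set inside the loop; declare it as `const char *path = NULL, *name;`. `sprintf(eth_name, "ethernet%d", ethnum)` writes into a 16-byte buffer that a large `ethnum` can overrun (8 characters, up to 10 digits and the terminator), so use `snprintf(eth_name, sizeof(eth_name), "ethernet%d", ethnum);`. With a negative `ethnum` the loop compares each alias against the bare string "ethernet" using `strcmp()`, which does not deliver the header's promise that the first ethernet alias is updated. The loop also passes `name` to `strcmp()` without checking that `fdt_getprop_by_offset()` succeeded.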
diff --git a/include/fdt_support.h b/include/fdt_support.h
index 72a5b90c97..8453fc8d76 100644
--- a/include/fdt_support.h
+++ b/include/fdt_support.h
@@ -119,6 +119,23 @@ static inline int fdt_fixup_memory_banks(void *blob, u64 
start[], u64 size[],
 #endif
 
 void fdt_fixup_ethernet(void *fdt);
+
+/**
+ * Set the "mac-address" and "local-mac-address" of ethernet node
+ * The ethernet node is located from the "/aliases" section of the fdt. When
+ * 'ethnum' is positive, then the name is matched exactly, e.g "ethernet0".
+ * When ethnum is negative, the first ethernet alias is updated.
+ * Unlike fdt_fixup_ethernet(), this function only updates one ethernet node,
+ * and soes not use the "ethaddr" from the u-boot environment. This is useful,
+ * for example, in SPL, when the environment is not initialized or available.
+ *
+ * @param fdt  FDT blob to update
+ * @param ethnum   Ethernet device index, or negative for any ethernet
+ * @param mac_addr Pointer to 6-byte array containing the MAC address
+ *
+ * @return 0 if ok, or -FDT_ERR_... on error
+ */
+int fdt_ethernet_set_macaddr(void *fdt, int ethnum, const uint8_t *mac_addr);
 int fdt_find_and_setprop(void *fdt, const char *node, const char *prop,
 const void *val, int len, int create);
 void fdt_fixup_qe_firmware(void *fdt);
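Review bot: The documentation block for `fdt_ethernet_set_macaddr()` says the name is matched exactly when 'ethnum' is positive, but the implementation tests `ethnum >= 0`, so index 0 is included and "non-negative" is the accurate word. The comment also has the typo "soes" for "does" and lacks a summary line naming the function. Suggested opening lines: `fdt_ethernet_set_macaddr() - Set the MAC address properties of one ethernet node` and `When 'ethnum' is non-negative, the alias name is matched exactly, e.g. "ethernet0".`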
-- 
2.31.1



[PATCH v3 03/13] stm32mp1: Add support for baudrates higher than 115200

2021-10-08 Thread Alexandru Gagniuc
The UART can reliably go up to 200 baud when connected to the
on-board st-link. Unfortunately u-boot will fall back to 115200 unless
higher rates are declared via CONFIG_SYS_BAUDRATE_TABLE.

Signed-off-by: Alexandru Gagniuc 
Reviewed-by: Patrick Delaunay 
---
 include/configs/stm32mp1.h | 4 
 1 file changed, 4 insertions(+)

diff --git a/include/configs/stm32mp1.h b/include/configs/stm32mp1.h
index 06cd153d13..b12896bc07 100644
--- a/include/configs/stm32mp1.h
+++ b/include/configs/stm32mp1.h
@@ -16,6 +16,10 @@
 #define CONFIG_ARMV7_SECURE_MAX_SIZE   STM32_SYSRAM_SIZE
 #endif
 
+#define CONFIG_SYS_BAUDRATE_TABLE  { 9600, 19200, 38400, 57600, 115200, \
+230400, 460800, 921600, \
+100, 200 }
+
 /*
  * Configuration of the external SRAM memory used by U-Boot
  */
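Review bot: The last two entries of `CONFIG_SYS_BAUDRATE_TABLE` read `100, 200` as shown here, which are lower than every other rate in the table and do not fit a patch whose subject is rates higher than 115200. This looks like digits lost between the author and this page rather than the intended values, so check the table against the original patch before applying it. A short comment above the define stating the highest rate that was tested with the on-board ST-LINK would document why the table stops where it does.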
-- 
2.31.1



[PATCH v3 04/13] stm32mp1: Add support for falcon mode boot from SD card

2021-10-08 Thread Alexandru Gagniuc
Falcon mode requires a board-specific mechanism to select between
fast and normal boot. This is done via spl_start_uboot()

Use the USER2 button as the selection mechanism. This is connected to
GPIO PA13. This GPIO is already accessible via the "st,fastboot-gpios"
devicetree node, but it is also aliased as "u-boot,falcon-gpios". This
is the only button on DK2 which is accessible simultaneously with the
RESET button. USER2 is too close, and I can't fit my fingers to press both.

The fact that USER2 is also used for android fastboot is of no
consequence. One can let go of USER2 after SPL but before it is
sampled by u-boot. If that is missed, it's okay, u-boot tries to
initialize the ethernet, which can be stopped with a Ctrl-C. This
conveniently opens up a u-boot shell.

Offsets for raw MMC loading are defined. These point to the partition
after "ssbl". Offsets for SPI are not defined, and thus SPL_LOAD_SPI
must be disabled to avoid a build failure. The only way to accommodate
this is to add a new defconfig, adventurously named stm32mp1_falcon.

The baudrate is set to 2 Mbaud, as the point of this config is to boot
fast. The default devicetree is set to -dk2. This is because EV1 does
not have a crypto-enabled CPU, and thus enabling ECDSA support would
have made far less sense. That and all the goodies with FIT in SPL
are enabled to give this config some continuous integration TLC.

Signed-off-by: Alexandru Gagniuc 
---
 arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi |   2 +
 board/st/stm32mp1/spl.c  |  29 
 configs/stm32mp15_falcon_defconfig   | 183 +++
 3 files changed, 214 insertions(+)
 create mode 100644 configs/stm32mp15_falcon_defconfig

diff --git a/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi 
b/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
index 15a04ae927..629451e731 100644
--- a/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
+++ b/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
@@ -16,6 +16,8 @@
u-boot,boot-led = "heartbeat";
u-boot,error-led = "error";
u-boot,mmc-env-partition = "fip";
+   /* This is the same as fastboot-gpios. This is on purpose */
+   u-boot,falcon-gpios = < 13 (GPIO_ACTIVE_LOW | 
GPIO_PULL_UP)>;
st,adc_usb_pd = < 18>, < 19>;
st,fastboot-gpios = < 13 (GPIO_ACTIVE_LOW | 
GPIO_PULL_UP)>;
st,stm32prog-gpios = < 14 (GPIO_ACTIVE_LOW | 
GPIO_PULL_UP)>;
diff --git a/board/st/stm32mp1/spl.c b/board/st/stm32mp1/spl.c
index 8e4549a1b3..ea2f809245 100644
--- a/board/st/stm32mp1/spl.c
+++ b/board/st/stm32mp1/spl.c
@@ -8,6 +8,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include "../common/stpmic1.h"
@@ -29,6 +30,34 @@ int board_early_init_f(void)
return 0;
 }
 
+#if IS_ENABLED(CONFIG_SPL_OS_BOOT)
+int spl_start_uboot(void)
+{
+   ofnode node;
+   struct gpio_desc gpio;
+   int boot_uboot = 1;
+
+   node = ofnode_path("/config");
+   if (!ofnode_valid(node)) {
+   pr_warn("%s: no /config node?\n", __func__);
+   return 0;
+   }
+
+   if (gpio_request_by_name_nodev(node, "u-boot,falcon-gpios", 0, ,
+  GPIOD_IS_IN)) {
+   pr_warn("%s: could not find a /config/u-boot,falcon-gpios\n",
+   __func__);
+   return 1;
+   }
+
+   boot_uboot = dm_gpio_get_value();
+   dm_gpio_free(NULL, );
+
+   return boot_uboot;
+}
+
+#endif /* CONFIG_SPL_OS_BOOT */
+
 #ifdef CONFIG_DEBUG_UART_BOARD_INIT
 void board_debug_uart_init(void)
 {
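Review bot: The two error paths in `spl_start_uboot()` fall back in opposite directions: a missing "/config" node returns 0 (boot the OS directly), while a missing "u-boot,falcon-gpios" property returns 1 (start U-Boot). If U-Boot is meant to be the fallback whenever the selection GPIO cannot be read, the first branch should also `return 1;`; otherwise add a comment explaining why a devicetree without "/config" selects falcon mode. `dm_gpio_get_value()` can report an error as a negative value, which this code treats the same as a request for U-Boot, and a comment saying that this is intentional would help the next reader. A short function comment stating that 1 means "start U-Boot" and 0 means "boot the OS" is also missing.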
diff --git a/configs/stm32mp15_falcon_defconfig 
b/configs/stm32mp15_falcon_defconfig
new file mode 100644
index 00..c5683616cc
--- /dev/null
+++ b/configs/stm32mp15_falcon_defconfig
@@ -0,0 +1,183 @@
+CONFIG_ARM=y
+CONFIG_ARCH_STM32MP=y
+CONFIG_SYS_MALLOC_F_LEN=0x3000
+CONFIG_SYS_MEMTEST_START=0xc000
+CONFIG_SYS_MEMTEST_END=0xc400
+CONFIG_ENV_OFFSET=0x28
+CONFIG_ENV_SECT_SIZE=0x4
+CONFIG_DEFAULT_DEVICE_TREE="stm32mp157c-dk2"
+CONFIG_SPL_TEXT_BASE=0x2FFC2500
+CONFIG_SPL_MMC=y
+CONFIG_SPL=y
+CONFIG_TARGET_ST_STM32MP15x=y
+CONFIG_CMD_STM32KEY=y
+CONFIG_CMD_STM32PROG=y
+CONFIG_ENV_OFFSET_REDUND=0x2C
+CONFIG_TYPEC_STUSB160X=y
+# CONFIG_ARMV7_VIRT is not set
+CONFIG_DISTRO_DEFAULTS=y
+CONFIG_SYS_LOAD_ADDR=0xc200
+CONFIG_FIT=y
+CONFIG_SPL_LOAD_FIT=y
+CONFIG_SPL_LOAD_FIT_APPLY_OVERLAY=y
+# CONFIG_USE_SPL_FIT_GENERATOR is not set
+CONFIG_BOOTDELAY=1
+CONFIG_BOOTCOMMAND="run bootcmd_stm32mp"
+CONFIG_SPL_LOG=y
+CONFIG_BOARD_EARLY_INIT_F=y
+CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_PARTITION=y
+CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_PARTITION=3
+CONFIG_SPL_ENV_SUPPORT=y
+CONFIG_SPL_I2C=y
+CONFIG_SPL_MTD_SUPPORT=y
+CONFIG_SPL_OS_BOOT=y
+CONFIG_SPL_FALCON_BOOT_MMCSD=y
+CONFIG_SYS_MMCSD_RAW_MODE_KERNEL

[PATCH v3 05/13] board: stm32mp1: Implement board_fit_config_name_match() for SPL

2021-10-08 Thread Alexandru Gagniuc
This function is needed when loading a FIT image from SPL. It selects
the correct configuration node for the current board. Implement it.

Signed-off-by: Alexandru Gagniuc 
---
 board/st/stm32mp1/spl.c | 14 ++
 1 file changed, 14 insertions(+)

diff --git a/board/st/stm32mp1/spl.c b/board/st/stm32mp1/spl.c
index ea2f809245..01aa5e51c5 100644
--- a/board/st/stm32mp1/spl.c
+++ b/board/st/stm32mp1/spl.c
@@ -5,6 +5,7 @@
 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -82,3 +83,16 @@ void board_debug_uart_init(void)
 #endif
 }
 #endif
+
+int board_fit_config_name_match(const char *name)
+{
+   const void *compatible;
+
+   compatible = fdt_getprop(gd->fdt_blob, 0, "compatible", NULL);
+
+   /* only STM boards are supported (currently) */
+   if (strncmp(compatible, "st,", 3) != 0)
+   return 1;
+
+   return !strstr(name, compatible + 3);
+}
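Review bot: `fdt_getprop()` returns NULL when the root node has no "compatible" property, and `board_fit_config_name_match()` passes that result straight to `strncmp()`. Declare the variable as `const char *compatible` (the `compatible + 3` arithmetic on a `const void *` relies on a compiler extension) and guard it with `if (!compatible || strncmp(compatible, "st,", 3) != 0) return 1;`. Note also that `strstr()` accepts any configuration name that merely contains the board string, so where FIT configurations are signed a stricter comparison would make the selected configuration unambiguous.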
-- 
2.31.1



[PATCH v3 00/13] stm32mp1: Support falcon mode with OP-TEE payloads

2021-10-08 Thread Alexandru Gagniuc
The goal of this project is to get to linux userspace within a
second from power on, and be secure! This is my last full-time day on
this project, so I don't expect to do a v4.

I chose to use SPL with a FIT payload. We have to add certain logic to
SPL, as well as some FDT modifications that would be normally done in
u-boot. The boot flow is

SPL -> OP-TEE -> Linux


Patrick suggested more changes, but I decided against the following:


  I) Use SPL_OPTEE_IMAGE  in mach-stm32mp Kconfig selection

I explained in more detail in another email why this is a bad idea.


  II) Don't use USER2 button for falcon mode.

This already exists as "fastboot-gpios", but I wasn't supposed to use
it. So I aliased it as "falcon-gpios", but I'm again not supposed to
use it because it aliases an existing GPIO. This makes absolutely no
sense to me. I need a GPIO for this. This is America! I paid for the
button, I intend to use the button! [*]


  III) Use env_get_yesno("boot_os") to select falcon mode

I like this idea, but I feel it is part of the OS/SPL communication
mechanism, which is beyond the scope of this series.


  IV) Use if (serial_getc() == 'c') in spl_start_uboot()

I don't like the idea of doing serial input in SPL.


  V) Move SYS_MMCSD_RAW_MODE_ARGS_* to Kconfig

The boot flow herein does not use the ARGS partition.  It would
destroy the security model to allow an external unsigned devicetree.
I don't want to encourage others to use it, and I don't want to waste
time with it. I hope the args partition just fizzles away into
nothingness.


  VI) What the heck is "spl export"

"spl export" is the u-boot (not SPL) command used to patch the
devicetree and save it to the args partition mentioned above. This
series avoids "spl export" because:
it's a poor security choice (explained above).


  VII) Wait what? How does the devicetree work? Huh?

A complete kernel devicetree is obtained using two methods:
a) FDT patching done by SPL to the FIT devicetree
b) devicetree overlays from the FIT
Both (a) and (b) can be signed. In my specific use case, the bootargs
are applied as a devicetree overlay. It's super effective.

[*] This is meant to be humorous

Changes since v2:
- Drop armv7_boot_nonsec() hack
- Introduce CONFIG_SPL_FALCON_BOOT_MMCSD
- Remove superfluous spl_start_uboot() symbol

Changes since v1:
- Move SYS_MMCSD_RAW_MODE_KERNEL_SECTOR to Kconfig instead of stm32mp1.h
- Create a new defconfig for STM32MP in falcon mode
- Rework board_fit_config_name_match() per Patrick's suggestions
- Use "u-boot,falcon-gpios" instead of "st,fastboot-gpios"
- Only update shadow registers in SPL for BSEC .probe()

Alexandru Gagniuc (13):
  spl: Untagle spl_start_uboot() from spl_mmc.c
  spl: Move SYS_MMCSD_RAW_MODE_KERNEL_SECTOR to Kconfig
  stm32mp1: Add support for baudrates higher than 115200
  stm32mp1: Add support for falcon mode boot from SD card
  board: stm32mp1:  Implement board_fit_config_name_match() for SPL
  fdt_support: Implement fdt_ethernet_set_macaddr()
  arm: stm32mp: bsec: Update OTP shadow registers in SPL
  arm: stm32mp: Factor out reading MAC address from OTP
  stm32mp1: spl: Configure MAC address when booting OP-TEE
  lib: Makefile: Make optee library available in SPL
  ARM: dts: stm32mp: Add OP-TEE "/firmware" node to SPL dtb
  stm32mp1: spl: Copy optee nodes to target FDT for OP-TEE payloads
  ARM: dts: stm32mp: dts: Don't remove OPTEE nodes for DK2 boards

 README|   4 -
 arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi  |   6 +-
 arch/arm/mach-stm32mp/bsec.c  |   4 +-
 arch/arm/mach-stm32mp/cpu.c   |  59 --
 .../arm/mach-stm32mp/include/mach/sys_proto.h |   3 +
 arch/arm/mach-stm32mp/spl.c   |   3 +
 board/st/stm32mp1/spl.c   |  43 
 common/fdt_support.c  |  30 +++
 common/spl/Kconfig|  16 ++
 common/spl/spl.c  |  10 +-
 common/spl/spl_mmc.c  |   6 +-
 configs/am335x_boneblack_vboot_defconfig  |   2 +
 configs/am335x_evm_defconfig  |   2 +
 configs/am335x_igep003x_defconfig |   2 +
 configs/am335x_shc_defconfig  |   2 +
 configs/am335x_shc_ict_defconfig  |   2 +
 configs/am335x_shc_netboot_defconfig  |   2 +
 configs/am335x_shc_sdboot_defconfig   |   2 +
 configs/am335x_sl50_defconfig |   2 +
 configs/am3517_evm_defconfig  |   2 +
 configs/am43xx_evm_defconfig  |   2 +
 configs/am43xx_evm_rtconly_defconfig  |   2 +
 configs/am43xx_evm_usbhost_boot_defconfig |   2 +
 configs/am57xx_evm_defconfig  |   2 +
 configs/devkit8000_defconfig  |   2 +
 configs/display5_defc

[PATCH v3 01/13] spl: Untagle spl_start_uboot() from spl_mmc.c

2021-10-08 Thread Alexandru Gagniuc
The symbol spl_start_uboot() is provided in spl_mmc.c, but it may also
be provided by platform code.

Fireworks can be created with the following combination:

CONFIG_SPL_OS_BOOT is not set
CONFIG_SPL_MMC=y
ARCH provides spl_start_uboot()

A weak implementation of spl_start_uboot() exists in spl/spl.c, so
leverage that one and stop defining the symbol in spl_mmc.c. We need
the symbol because spl_start_uboot() is called in spl_mmc.c
irrespective of the Falcon mode being activated.

Signed-off-by: Alexandru Gagniuc 
---
 common/spl/spl.c | 10 ++
 common/spl/spl_mmc.c |  4 
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/common/spl/spl.c b/common/spl/spl.c
index a9304d4148..6232a23c9e 100644
--- a/common/spl/spl.c
+++ b/common/spl/spl.c
@@ -87,15 +87,17 @@ __weak int dram_init_banksize(void)
  * 0 to not start u-boot
  * positive if u-boot should start
  */
-#ifdef CONFIG_SPL_OS_BOOT
 __weak int spl_start_uboot(void)
 {
-   puts(SPL_TPL_PROMPT
-"Please implement spl_start_uboot() for your board\n");
-   puts(SPL_TPL_PROMPT "Direct Linux boot not active!\n");
+   if (IS_ENABLED(CONFIG_SPL_OS_BOOT)){
+   puts(SPL_TPL_PROMPT
+"Please implement spl_start_uboot() for your board\n");
+   puts(SPL_TPL_PROMPT "Direct Linux boot not active!\n");
+   }
return 1;
 }
 
+#ifdef CONFIG_SPL_OS_BOOT
 /*
  * Weak default function for arch specific zImage check. Return zero
  * and fill start and end address if image is recognized.
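Review bot: `if (IS_ENABLED(CONFIG_SPL_OS_BOOT)){` in the new spl_start_uboot() body is missing the space before the opening brace; the surrounding code uses kernel style, so it should read `if (IS_ENABLED(CONFIG_SPL_OS_BOOT)) {`. The weak default is now built in every configuration and is silent when SPL_OS_BOOT is off, which the comment block above it (it starts outside this hunk) does not mention. A line such as `* The weak default always starts u-boot; the hint is printed only with SPL_OS_BOOT` would record that.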
diff --git a/common/spl/spl_mmc.c b/common/spl/spl_mmc.c
index d52f8a3eef..a9a588b04f 100644
--- a/common/spl/spl_mmc.c
+++ b/common/spl/spl_mmc.c
@@ -252,10 +252,6 @@ static int mmc_load_image_raw_os(struct spl_image_info 
*spl_image,
return 0;
 }
 #else
-int spl_start_uboot(void)
-{
-   return 1;
-}
 static int mmc_load_image_raw_os(struct spl_image_info *spl_image,
 struct mmc *mmc)
 {
-- 
2.31.1



[RFC PATCH] test/py: Check hashes produced by mkimage against known values

2021-09-15 Thread Alexandru Gagniuc
Target code and mkimage share the same hashing infrastructure. If one
is wrong, it's very likely that both are wrong in the same way. Thus
testing won't catch hash regressions. This already happened in
commit 92055e138f28 ("image: Drop if/elseif hash selection in
calculate_hash()"). None of the tests caught that CRC32 was broken.

Instead of testing hash_calculate() against itself, create a FIT
containing a kernel with pre-calculated hashes. Then check the hashes
produced against the known good hashes.

Signed-off-by: Alexandru Gagniuc 

---
Desired:
  $ ./test/py/test.py -k hash
  ...
  test_mkimage_hashes PASSED

Is very cryptic with regards to what is going on. It would be much
nicer to have tests named "crc32", "sha256", and so on. But I don't
know how to do that without several pyton functions each assembling
their own damn FIT.
I think it would also be nicer for the test log to show
test_sha1  PASSED
test_crc32 PASSED  
test_md5   FAILED

 test/py/tests/test_fit_hashes.py| 111 
 test/py/tests/vboot/hash-images.its |  76 +++
 2 files changed, 187 insertions(+)
 create mode 100644 test/py/tests/test_fit_hashes.py
 create mode 100644 test/py/tests/vboot/hash-images.its

diff --git a/test/py/tests/test_fit_hashes.py b/test/py/tests/test_fit_hashes.py
new file mode 100644
index 00..e228ea96d3
--- /dev/null
+++ b/test/py/tests/test_fit_hashes.py
@@ -0,0 +1,111 @@
+# SPDX-License-Identifier: GPL-2.0+
+#
+# Copyright (c) 2021 Alexandru Gagniuc 
+
+"""
+Check hashes produced by mkimage against known values
+
+This test checks the correctness of mkimage's hashes. by comparing the mkimage
+output of a fixed data block with known good hashes.
+This test doesn't run the sandbox. It only checks the host tool 'mkimage'
+"""
+
+import pytest
+import u_boot_utils as util
+
+kernel_hashes = {
+"sha512" : 
"f18c1486a2c29f56360301576cdfce4dfd8e8e932d0ed8e239a1f314b8ae1d77b2a58cd7fe32e4075e69448e623ce53b0b6aa6ce5626d2c189a5beae29a68d93",
+"sha384" : 
"16e28976740048485d08d793d8bf043ebc7826baf2bc15feac72825ad67530ceb3d09e0deb6932c62a5a0e9f3936baf4",
+"sha256" : 
"2955c56bc1e5050c111ba6e089e0f5342bb47dedf77d87e3f429095feb98a7e5",
+"sha1"   : "652383e1a6d946953e1f65092c9435f6452c2ab7",
+"md5": "4879e5086e4c76128e525b5fe2af55f1",
+"crc32"  : "32eddfdf",
+"crc16-ccitt" : "d4be"
+}
+
+class ReadonlyFitImage(object):
+""" Helper to manipulate a FIT image on disk """
+def __init__(self, cons, file_name):
+self.fit = file_name
+self.cons = cons
+self.hashable_nodes = set()
+
+def __fdt_list(self, path):
+return util.run_and_log(self.cons, f'fdtget -l {self.fit} {path}')
+
+def __fdt_get(self, node, prop):
+val = util.run_and_log(self.cons, f'fdtget {self.fit} {node} {prop}')
+return val.rstrip('\n')
+
+def __fdt_get_sexadecimal(self, node, prop):
+numbers = util.run_and_log(self.cons, f'fdtget -tbx {self.fit} {node} 
{prop}')
+
+sexadecimal = ''
+for num in numbers.rstrip('\n').split(' '):
+sexadecimal += num.zfill(2)
+return sexadecimal
+
+def find_hashable_image_nodes(self):
+for node in self.__fdt_list('/images').split():
+# We only have known hashes for the kernel node
+if 'kernel' not in node:
+continue
+self.hashable_nodes.add(f'/images/{node}')
+
+return self.hashable_nodes
+
+def verify_hashes(self):
+for image in self.hashable_nodes:
+algos = set()
+for node in self.__fdt_list(image).split():
+if "hash-" not in node:
+continue
+
+raw_hash = self.__fdt_get_sexadecimal(f'{image}/{node}', 
'value')
+algo = self.__fdt_get(f'{image}/{node}', 'algo')
+algos.add(algo)
+
+good_hash = kernel_hashes[algo]
+if good_hash != raw_hash:
+raise ValueError(f'{image} Borked hash: {algo}');
+
+# Did we test all the hashes we set out to test?
+missing_algos = kernel_hashes.keys() - algos
+if (missing_algos):
+raise ValueError(f'Missing hashes from FIT: {missing_algos}')
+
+
+@pytest.mark.buildconfigspec('hash')
+@pytest.mark.requiredtool('dtc')
+@pytest.mark.requiredtool('fdtget')
+@pytest.mark.requiredtool('fdtput')
+def test_mkimage_hashes(u_boot_console):
+""" Test that hashes generated by mkimage are correct. """
+
+def assemble_fit_image(dest_fit, its, destdir):
+dtc_args = f'-I dts -O dtb -i {destdir}'
+util.run_and_log(cons, [mkimage

[PATCH] image: Avoid erroneous double byte-swap in CRC value

2021-09-14 Thread Alexandru Gagniuc
The hash algorithm selection was streamlined in commit 92055e138f28
("image: Drop if/elseif hash selection in calculate_hash()"). Said
commit kept the call to cpu_to_uimage() to convert the CRC to big
endian format.

This would have been correct when calling crc32_wd(). However, the
->hash_func_ws member of crc32 points to crc32_wd_buf(), which already
converts the CRC to big endian. On a little endian host, doing both
conversions results in a little-endian CRC. This is incorrect.

To remedy this, simply drop the call to cpu_to_uimage(), thus only
doing the byte-order conversion once.

Fixes: 92055e138f28 ("image: Drop if/elseif hash selection in
   calculate_hash()")
Tested-by: Tom Rini 
Signed-off-by: Alexandru Gagniuc 
---
 common/image-fit.c | 9 -
 1 file changed, 9 deletions(-)

diff --git a/common/image-fit.c b/common/image-fit.c
index 92d9141bcd..f02d437539 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -1193,12 +1193,6 @@ int fit_set_timestamp(void *fit, int noffset, time_t 
timestamp)
return 0;
 }
 
-static void crc32_uimage_fixup(void *value)
-{
-   /* TODO: In C, this type punning is undefined behavior: */
-   *((uint32_t *)value) = cpu_to_uimage(*((uint32_t *)value));
-}
-
 /**
  * calculate_hash - calculate and return hash for provided input data
  * @data: pointer to the input data
@@ -1232,9 +1226,6 @@ int calculate_hash(const void *data, int data_len, const 
char *name,
algo->hash_func_ws(data, data_len, value, algo->chunk_size);
*value_len = algo->digest_size;
 
-   if (!strcmp(name, "crc32"))
-   crc32_uimage_fixup(value);
-
return 0;
 }
 
-- 
2.31.1



[PATCH 3/3] stm32mp1: Replace STM32MP15x_STM32IMAGE with TFABOOT_FIP_CONTAINER

2021-09-09 Thread Alexandru Gagniuc
Recently, mach-stm32mp gained the ability to boot from a TF-A FIP
container, bringing the following boot flows:

"basic" SPL -> u-boot
"falcon"SPL -> OP-TEE -> u-boot or kernel
"trusted"   TF-A -> OP-TEE -> u-boot
"fip"   TF-A -> FIP container

However, the implementation of the new "fip" flow brought changes
which break the "falcon" flow.

1) Removal of  #ifdefs

One issue with the STM32MP15x_STM32IMAGE config is the introduction of
an inordinate amount of #ifdefs. This is contrary to u-boot's coding
practices, which prefer the linker and IS_ENABLED(). We can achieve
the same results by setting the CONFIG_MTDPARTS_* Kconfig strings
appropriately for the "fip" flow. The #ifdefs are superfluous.

One justification for the #ifdefs is that they make it easier to
remove the soon to be obsoleted STM32IMAGE support. This argument is
unconvincing. There is no technical cost to removing code which is
not #ifdef'd versus code that is.

2) optee nodes in u-boot devicetree

The removal of the "optee" nodes from the u-boot devicetree is
problematic for the "falcon" flow. Only remove them for "fip".

3) Makefile logic for .stm32 images

Because we've removed CONFIG_STM32MP15x_STM32IMAGE, we can't use it in
mach-stm32mp/config.mk to control the creation of u-boot.stm32 images.
Instead of complicating the makefile logic, we revert to always
creating u-boot.stm32. Creation of this image is inconsequential to
how u-boot behaves at runtime.

Signed-off-by: Alexandru Gagniuc 
---
 arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi  |  9 
 arch/arm/dts/stm32mp157c-ed1-u-boot.dtsi  |  9 
 arch/arm/mach-stm32mp/Kconfig |  7 --
 .../cmd_stm32prog/cmd_stm32prog.c |  5 ++--
 .../mach-stm32mp/cmd_stm32prog/stm32prog.c|  4 
 .../mach-stm32mp/cmd_stm32prog/stm32prog.h|  2 --
 arch/arm/mach-stm32mp/config.mk   |  2 +-
 arch/arm/mach-stm32mp/fdt.c   |  4 +---
 .../arm/mach-stm32mp/include/mach/stm32prog.h |  2 --
 board/st/common/Kconfig   | 23 ++-
 board/st/common/stm32mp_mtdparts.c| 20 +---
 board/st/stm32mp1/stm32mp1.c  |  6 ++---
 configs/stm32mp15_tfaboot_fip_defconfig   |  1 +
 configs/stm32mp15_trusted_defconfig   |  1 -
 14 files changed, 30 insertions(+), 65 deletions(-)

diff --git a/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi 
b/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
index 0101962ea5..b1e1efdc9c 100644
--- a/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
+++ b/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
@@ -15,18 +15,18 @@
config {
u-boot,boot-led = "heartbeat";
u-boot,error-led = "error";
-   u-boot,mmc-env-partition = "fip";
+   u-boot,mmc-env-partition = "ssbl";
st,adc_usb_pd = < 18>, < 19>;
st,fastboot-gpios = < 13 (GPIO_ACTIVE_LOW | 
GPIO_PULL_UP)>;
st,stm32prog-gpios = < 14 (GPIO_ACTIVE_LOW | 
GPIO_PULL_UP)>;
};
 
-#ifdef CONFIG_STM32MP15x_STM32IMAGE
+#ifdef CONFIG_TFABOOT_FIP_CONTAINER
config {
-   u-boot,mmc-env-partition = "ssbl";
+   u-boot,mmc-env-partition = "fip";
};
+#endif
 
-   /* only needed for boot with TF-A, witout FIP support */
firmware {
optee {
compatible = "linaro,optee-tz";
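Review bot: The `firmware { optee { ... } }` node is now emitted unconditionally, and the comment that said when it is needed is deleted rather than updated, so the file no longer records which boot flows depend on it. I would keep a comment in its place, for example `/* needed by the falcon flow and by TF-A without FIP */`. The commit message says the nodes should only be removed for "fip", but nothing in this hunk does that; if the removal happens in arch/arm/mach-stm32mp/fdt.c (listed in the diffstat, not shown here), the comment should point there. The same applies to the matching hunk in stm32mp157c-ed1-u-boot.dtsi. The node body continues outside this hunk.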
@@ -43,7 +43,6 @@
u-boot,dm-spl;
};
};
-#endif
 
led {
red {
diff --git a/arch/arm/dts/stm32mp157c-ed1-u-boot.dtsi 
b/arch/arm/dts/stm32mp157c-ed1-u-boot.dtsi
index 32777384c6..184774df58 100644
--- a/arch/arm/dts/stm32mp157c-ed1-u-boot.dtsi
+++ b/arch/arm/dts/stm32mp157c-ed1-u-boot.dtsi
@@ -15,17 +15,17 @@
config {
u-boot,boot-led = "heartbeat";
u-boot,error-led = "error";
-   u-boot,mmc-env-partition = "fip";
+   u-boot,mmc-env-partition = "ssbl";
st,fastboot-gpios = < 13 (GPIO_ACTIVE_LOW | 
GPIO_PULL_UP)>;
st,stm32prog-gpios = < 14 (GPIO_ACTIVE_LOW | 
GPIO_PULL_UP)>;
};
 
-#ifdef CONFIG_STM32MP15x_STM32IMAGE
+#ifdef CONFIG_TFABOOT_FIP_CONTAINER
config {
-   u-boot,mmc-env-partition = "ssbl";
+   u-boot,mmc-env-partition = "fip";
};
+#endif
 
-   /* only needed for boot with TF-A, witout FIP support */
firmware {
optee {
compatible = "linaro,optee-tz";
@@ -39,7 +39,6 @@
no-map;
};
};
-#endif
 
led {
re

[PATCH 2/3] arm: Kconfig: Introduce a TFABOOT_FIP_CONTAINER option

2021-09-09 Thread Alexandru Gagniuc
This option is intended to tell u-boot platform code that this u-boot
build is expected to be used in a FIP container, as part of a TF-A
boot flow.

It is introduced because STM32MP1 platform code needs special
considerations on a FIP boot, such as a different partition layout,
and decisions about who should patch the FDT optee nodes.

This Kconfig can be justified as a natural extension of TFABOOT.

Signed-off-by: Alexandru Gagniuc 
---
 arch/arm/Kconfig | 15 +++
 1 file changed, 15 insertions(+)

diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 2d59562665..0bfdc2adc4 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -1907,6 +1907,21 @@ config TFABOOT
  Enabling this option will make a U-Boot binary that is relying
  on other firmware layers to provide secure functionality.
 
+config TFABOOT_FIP_CONTAINER
+   bool "Support for booting from TF-A inside a FIP container"
+   depends on TFABOOT
+   help
+ TF-A has its own container format, named FIP (not to be confused with
+ FIT). The assumptions u-boot makes about the platform in a non-FIP
+ boot are not always true with FIP.
+ These differences could in theory be resolved with dynamic devicetree
+ patching. However TF-A either can't patch devicetrees, or is
+ unwilling to do so. Even then, passing such devicetree to u-boot
+ might require custom mechanisms.
+ Enabling this option will tell u-boot platform code that it is okay
+ to assume U-Boot will be started from a FIP container, even if such
+ assumptions would break things in a more normal setting.
+
 config TI_SECURE_DEVICE
bool "HS Device Type Support"
depends on ARCH_KEYSTONE || ARCH_OMAP2PLUS || ARCH_K3
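Review bot: The help text for TFABOOT_FIP_CONTAINER never says what platform code does differently when the option is set; "it is okay to assume U-Boot will be started from a FIP container" leaves a board maintainer guessing about the consequences. The commit message is more concrete (a different partition layout, and who patches the FDT optee nodes), and a sentence to that effect belongs in the help, e.g. `Platform code may use a FIP-specific partition layout and change who patches the optee devicetree nodes.` The option also only `depends on TFABOOT`, so it is offered on every TFABOOT platform although, going by the description, only STM32MP1 consumes it.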
-- 
2.31.1



[PATCH 1/3] stm32mp: Rename FIP config to stm32mp15_tfaboot_fip_defconig

2021-09-09 Thread Alexandru Gagniuc
STM32MP has several possible boot flows with either SPL or TF-A. The
word from STM is that they only want to support TF-A with FIP images,
and this should be default. We don't disagree. However, this argument
is orthogonal to naming our defconfigs clearly.

I'm concerned that users might be confused by the current naming. When
given the choice between "basic", "trusted", or "", someone
used to how u-boot works will think that the "" config is the
customary "SPL + u-boot". However, such confusion is far less likely
when the choices are "basic", "trusted", and "tfaboot_fip".

To this effect, avoid having a naked config name and rename it to
"stm32mp15_tfaboot_fip_defconig".

Signed-off-by: Alexandru Gagniuc 
---
 board/st/stm32mp1/MAINTAINERS|  2 +-
 ...defconfig => stm32mp15_tfaboot_fip_defconfig} |  0
 doc/board/st/stm32mp1.rst| 16 
 3 files changed, 9 insertions(+), 9 deletions(-)
 rename configs/{stm32mp15_defconfig => stm32mp15_tfaboot_fip_defconfig} (100%)

diff --git a/board/st/stm32mp1/MAINTAINERS b/board/st/stm32mp1/MAINTAINERS
index 0e6d80fb45..e2da11b46d 100644
--- a/board/st/stm32mp1/MAINTAINERS
+++ b/board/st/stm32mp1/MAINTAINERS
@@ -5,7 +5,7 @@ T:  git 
https://source.denx.de/u-boot/custodians/u-boot-stm.git
 S: Maintained
 F: arch/arm/dts/stm32mp15*
 F: board/st/stm32mp1/
-F: configs/stm32mp15_defconfig
 F: configs/stm32mp15_basic_defconfig
 F: configs/stm32mp15_trusted_defconfig
+F: configs/stm32mp15_tfaboot_fip_defconfig
 F: include/configs/stm32mp1.h
diff --git a/configs/stm32mp15_defconfig 
b/configs/stm32mp15_tfaboot_fip_defconfig
similarity index 100%
rename from configs/stm32mp15_defconfig
rename to configs/stm32mp15_tfaboot_fip_defconfig
diff --git a/doc/board/st/stm32mp1.rst b/doc/board/st/stm32mp1.rst
index 42bb94148d..89981023be 100644
--- a/doc/board/st/stm32mp1.rst
+++ b/doc/board/st/stm32mp1.rst
@@ -76,7 +76,7 @@ The **Trusted** boot chain with TF-A_
 `
 
 defconfig_file :
-   + **stm32mp15_defconfig** (for TF-A_ with FIP support)
+   + **stm32mp15_tfaboot_fip_defconfig** (for TF-A_ with FIP support)
+ **stm32mp15_trusted_defconfig** (for TF-A_ without FIP support)
 
 +-+--++---+
@@ -184,7 +184,7 @@ Build Procedure
 
with :
 
-   - For **trusted** boot mode : **stm32mp15_defconfig** or
+   - For **trusted** boot mode : **stm32mp15_tfaboot_fip_defconfig** or
  stm32mp15_trusted_defconfig
- For basic boot mode: stm32mp15_basic_defconfig
 
@@ -197,7 +197,7 @@ Build Procedure
   a) trusted boot with FIP on ev1::
 
  # export KBUILD_OUTPUT=stm32mp15
- # make stm32mp15_defconfig
+ # make stm32mp15_tfaboot_fip_defconfig
  # make DEVICE_TREE=stm32mp157c-ev1 all
 
   b) trusted boot without FIP on dk2::
@@ -235,7 +235,7 @@ Build Procedure
So in the output directory (selected by KBUILD_OUTPUT),
you can found the needed U-Boot files:
 
- - stm32mp15_defconfig = **u-boot-nodtb.bin** and **u-boot.dtb**
+ - stm32mp15_tfaboot_fip_defconfig = **u-boot-nodtb.bin** and 
**u-boot.dtb**
 
  - stm32mp15_trusted_defconfig = u-boot.stm32
 
@@ -248,11 +248,11 @@ Build Procedure
 
 7. TF-A_ compilation
 
-   This step is required only for **Trusted** boot (stm32mp15_defconfig and
-   stm32mp15_trusted_defconfig); see OP-TEE_ and TF-A_ documentation for build
-   commands.
+   This step is required only for **Trusted** boot
+   (stm32mp15_tfaboot_fip_defconfig and stm32mp15_trusted_defconfig); see
+   OP-TEE_ and TF-A_ documentation for build commands.
 
-   - For TF-A_ with FIP support: **stm32mp15_defconfig**
+   - For TF-A_ with FIP support: **stm32mp15_tfaboot_fip_defconfig**
 
  - with OP-TEE_ support, compile the OP-TEE to generate the binary included
in FIP
-- 
2.31.1



[PATCH 0/3] stm32mp: Attempt to resolve unintended breakage with v2021.10-rc2

2021-09-09 Thread Alexandru Gagniuc
u-boot v2021.10-rc2 Introduced support for booting from FIP images
(not to be confused with FIT) for stm32mp. I am also working on a
different boot flow based on u-boot's falcon mode. The changes to
accommodate the FIP mode inadvertently broke the falcon flow. This
series intends to address that.

The core issue is that optee nodes are removed from the u-boot
devicetree. For reasons detailed in my other series
("[PATCH v2 00/11] stm32mp1: Support falcon mode with OP-TEE payloads")
the "optee" nodes are required.

It might seem like an obvious solution to "just re-add the nodes", but
I found out it didn't work like that. I couldn't use
STM32MP15x_STM32IMAGE to get me back my nodes, because that would have
required TFABOOT. What I needed was a new config that more accurately
reflected the available boot flows.

STM32MP15x_STM32IMAGE is a confusing because it conflates image
generation with u-boot behavior. I'm proposing replacing it with
TFABOOT_FIP_CONTAINER because I think this new config is much easier
to understand in layman's terms. I also thinks it maps more elegantly
to what STM is trying to do: add a new boot flow.


Alexandru Gagniuc (3):
  stm32mp: Rename FIP config to stm32mp15_tfaboot_fip_defconig
  arm: Kconfig: Introduce a TFABOOT_FIP_CONTAINER option
  stm32mp1: Replace STM32MP15x_STM32IMAGE with TFABOOT_FIP_CONTAINER

 arch/arm/Kconfig  | 15 
 arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi  |  9 
 arch/arm/dts/stm32mp157c-ed1-u-boot.dtsi  |  9 
 arch/arm/mach-stm32mp/Kconfig |  7 --
 .../cmd_stm32prog/cmd_stm32prog.c |  5 ++--
 .../mach-stm32mp/cmd_stm32prog/stm32prog.c|  4 
 .../mach-stm32mp/cmd_stm32prog/stm32prog.h|  2 --
 arch/arm/mach-stm32mp/config.mk   |  2 +-
 arch/arm/mach-stm32mp/fdt.c   |  4 +---
 .../arm/mach-stm32mp/include/mach/stm32prog.h |  2 --
 board/st/common/Kconfig   | 23 ++-
 board/st/common/stm32mp_mtdparts.c| 20 +---
 board/st/stm32mp1/MAINTAINERS |  2 +-
 board/st/stm32mp1/stm32mp1.c  |  6 ++---
 ...config => stm32mp15_tfaboot_fip_defconfig} |  1 +
 configs/stm32mp15_trusted_defconfig   |  1 -
 doc/board/st/stm32mp1.rst | 16 ++---
 17 files changed, 54 insertions(+), 74 deletions(-)
 rename configs/{stm32mp15_defconfig => stm32mp15_tfaboot_fip_defconfig} (99%)

-- 
2.31.1



[PATCH v2 10/11] ARM: dts: stm32mp: Add OP-TEE "/firmware" node to SPL dtb

2021-09-07 Thread Alexandru Gagniuc
The optee "/firmware" node is normally used to load the OP-TEE driver.
SPL does not use it this way, but instead uses it to patch the kernel
devicetree when booting OP-TEE. This seems weird, as OP-TEE -- which
would run after SPL -- is capable of patching the devicetree and
adding the required "/firmware" and "/reserved-memory" nodes.

However, OP-TEE's devicetree patching (CFG_DT=y) comes with a
significant boot time penalty. Measurements put it between 700 to 1800
milliseconds. SPL can also do this patching, without incurring a
measurable increase in boot time. This is the use case for falcon
mode, which is the main reason to launch OP-TEE from SPL.

Although some OP-TEE configurations do not require any pre-patching of
the devicetree, there are good use cases for doing so. As far as
concerns with adding the nodes twice, OP-TEE will not add the node if
it already-exists.

Add the "/firmware/optee" node to the SPL devicetree.

Signed-off-by: Alexandru Gagniuc 
---
 arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi 
b/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
index b314ce2dac..7deb0f5d70 100644
--- a/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
+++ b/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
@@ -33,6 +33,7 @@
optee {
compatible = "linaro,optee-tz";
method = "smc";
+   u-boot,dm-spl;
};
};
 
-- 
2.31.1



[PATCH v2 11/11] stm32mp1: spl: Copy optee nodes to target FDT for OP-TEE payloads

2021-09-07 Thread Alexandru Gagniuc
OP-TEE does not take a devicetree for its own use. However, it does
pass the devicetree to the normal world OS. In most cases that will
be some other devicetree-bearing platform, such as linux.

OP-TEE is capable of patching the devicetree and adding the required
"/firmware" and "/reserved-memory" nodes. Not all OP-TEE
configurations do so, and it would need to be explicitly enabled
(CFG_DT=y). There is a measurable boot time penalty to enabling this
feature, and sometimes it is preferrable to do it in SPL for this
exact reason.

As such, there are cases where it is required to copy the optee nodes
to the target's FDT. Do this as part of spl_board_prepare_for_optee().

Signed-off-by: Alexandru Gagniuc 
---
 arch/arm/mach-stm32mp/spl.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/arm/mach-stm32mp/spl.c b/arch/arm/mach-stm32mp/spl.c
index d9fdc5926c..94fbb45cf9 100644
--- a/arch/arm/mach-stm32mp/spl.c
+++ b/arch/arm/mach-stm32mp/spl.c
@@ -19,6 +19,7 @@
 #include 
 #include 
 #include 
+#include 
 
 u32 spl_boot_device(void)
 {
@@ -182,6 +183,7 @@ void stm32_init_tzc_for_optee(void)
 void spl_board_prepare_for_optee(void *fdt)
 {
stm32_fdt_setup_mac_addr(fdt);
+   optee_copy_fdt_nodes(fdt);
stm32_init_tzc_for_optee();
 }
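Review bot: Both `stm32_fdt_setup_mac_addr(fdt)` and the newly added `optee_copy_fdt_nodes(fdt)` have their results dropped in spl_board_prepare_for_optee(). If copying the optee nodes fails, the next stage is handed a devicetree without the "/firmware" and "/reserved-memory" nodes the commit message calls required, and nothing is reported on the console. The function returns void, so at minimum log the failure, assuming optee_copy_fdt_nodes() returns an error code the way stm32_fdt_setup_mac_addr() does: `if (optee_copy_fdt_nodes(fdt)) printf("Failed to copy optee nodes to FDT\n");`. The same unchecked call is introduced for stm32_fdt_setup_mac_addr() in the spl.c hunk of patch 08/11 further down the page.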
 
-- 
2.31.1



[PATCH v2 09/11] lib: Makefile: Make optee library available in SPL

2021-09-07 Thread Alexandru Gagniuc
We want the optee_copy_fdt_nodes symbols in SPL. This is for cases
when booting an OPTEE payload directly.

Signed-off-by: Alexandru Gagniuc 
---
 lib/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/Makefile b/lib/Makefile
index 8ba745faa0..73dacbb01b 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -16,7 +16,6 @@ obj-$(CONFIG_FIT) += libfdt/
 obj-$(CONFIG_OF_LIVE) += of_live.o
 obj-$(CONFIG_CMD_DHRYSTONE) += dhry/
 obj-$(CONFIG_ARCH_AT91) += at91/
-obj-$(CONFIG_OPTEE) += optee/
 obj-$(CONFIG_ASN1_DECODER) += asn1_decoder.o
 obj-y += crypto/
 
@@ -74,6 +73,7 @@ obj-$(CONFIG_$(SPL_)GZIP) += gunzip.o
 obj-$(CONFIG_$(SPL_)LZO) += lzo/
 obj-$(CONFIG_$(SPL_)LZMA) += lzma/
 obj-$(CONFIG_$(SPL_)LZ4) += lz4_wrapper.o
+obj-$(CONFIG_OPTEE) += optee/
 
 obj-$(CONFIG_$(SPL_)LIB_RATIONAL) += rational.o
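Review bot: The moved line keeps the plain `CONFIG_OPTEE` symbol while its new neighbours all use the `CONFIG_$(SPL_)...` form, so the optee library is presumably now built into SPL on every board that enables OPTEE, not only on those that boot an OP-TEE payload from SPL. If that is not intended, an SPL-specific symbol would keep the extra code opt-in. If it is intended, a one-line comment such as `# optee_copy_fdt_nodes() is also needed by SPL` would explain why this entry differs from the lines around it.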
 
-- 
2.31.1



[PATCH v2 08/11] stm32mp1: spl: Configure MAC address when booting OP-TEE

2021-09-07 Thread Alexandru Gagniuc
When OP-TEE is booted as the SPL payload, the stage after OP-TEE is
not guaranteed to be u-boot. Thus the FDT patching in u-boot is not
guaranteed to occur. Add this step to SPL.

The patching by stm32_fdt_setup_mac_addr() is done in SPL, and patches
the target FDT directly. This is different from
setup_mac_address(), which sets the "ethaddr" env variable, and does
not work in SPL.

An alternative way of setting the MAC is to patch the kernel's
devicetree to use the "nvmem-cells" property. This would backend on
the linux BSEC driver, which relies on an SMCC call. That call is
implemented only by TF-A, not by SPL. Thus linux will not be able to
read the MAC from OTP, and this alternative method will fail.

Changing the linux driver is not feasible is our goal is to support
the current linux LTS release (v5.14). Implementing the SMCC call
would require SPL finagling, and possibly carry security side-effects.

Thus, adding "mac-address" nodes to the kernel devicetree is the most
economical method in terms of lines of code and complexity.

Signed-off-by: Alexandru Gagniuc 
---
 arch/arm/mach-stm32mp/cpu.c   | 22 +++
 .../arm/mach-stm32mp/include/mach/sys_proto.h |  3 +++
 arch/arm/mach-stm32mp/spl.c   |  1 +
 3 files changed, 26 insertions(+)

diff --git a/arch/arm/mach-stm32mp/cpu.c b/arch/arm/mach-stm32mp/cpu.c
index 8727de513c..2b8b67bb40 100644
--- a/arch/arm/mach-stm32mp/cpu.c
+++ b/arch/arm/mach-stm32mp/cpu.c
@@ -10,6 +10,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -646,6 +647,27 @@ __weak int setup_mac_address(void)
return 0;
 }
 
+int stm32_fdt_setup_mac_addr(void *fdt)
+{
+   int ret;
+   uchar enetaddr[ARP_HLEN];
+
+   ret = stm32_read_otp_mac(enetaddr);
+   if (ret < 0)
+   return ret;
+
+   if (!is_valid_ethaddr(enetaddr)) {
+   printf("invalid MAC address in OTP\n");
+   return -EINVAL;
+   }
+
+   ret = fdt_ethernet_set_macaddr(fdt, 0, enetaddr);
+   if (ret)
+   debug("Failed to set mac address from OTP: %d\n", ret);
+
+   return ret;
+}
+
 static int setup_serial_number(void)
 {
char serial_string[25];
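Review bot: In stm32_fdt_setup_mac_addr() an invalid OTP value is reported with `printf()`, but a failure of `fdt_ethernet_set_macaddr()` is reported only with `debug()`, which produces no output unless debugging is enabled. The only caller added in this patch (spl_board_prepare_for_optee() in the spl.c hunk) ignores the return value, so a failed patch hands the kernel a devicetree without a MAC address and leaves no trace. I would report it the same way as the invalid-address case: `printf("Failed to set mac address from OTP: %d\n", ret);`. A failure of `stm32_read_otp_mac()` is likewise returned silently and may deserve a message too.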
diff --git a/arch/arm/mach-stm32mp/include/mach/sys_proto.h 
b/arch/arm/mach-stm32mp/include/mach/sys_proto.h
index 4149d3a133..2d24cfee3f 100644
--- a/arch/arm/mach-stm32mp/include/mach/sys_proto.h
+++ b/arch/arm/mach-stm32mp/include/mach/sys_proto.h
@@ -47,7 +47,10 @@ void get_soc_name(char name[SOC_NAME_SIZE]);
 /* return boot mode */
 u32 get_bootmode(void);
 
+/* Set 'ethaddr' env variable with MAC from OTP (useful for u-boot proper) */
 int setup_mac_address(void);
+/* Patch the first 'ethernet' node of FDT with MAC from OTP (useful for SPL) */
+int stm32_fdt_setup_mac_addr(void *fdt);
 
 /* board power management : configure vddcore according OPP */
 void board_vddcore_init(u32 voltage_mv);
diff --git a/arch/arm/mach-stm32mp/spl.c b/arch/arm/mach-stm32mp/spl.c
index 405eff68a3..d9fdc5926c 100644
--- a/arch/arm/mach-stm32mp/spl.c
+++ b/arch/arm/mach-stm32mp/spl.c
@@ -181,6 +181,7 @@ void stm32_init_tzc_for_optee(void)
 
 void spl_board_prepare_for_optee(void *fdt)
 {
+   stm32_fdt_setup_mac_addr(fdt);
stm32_init_tzc_for_optee();
 }
 
-- 
2.31.1



[PATCH v2 01/11] spl: Move SYS_MMCSD_RAW_MODE_KERNEL_SECTOR to Kconfig

2021-09-07 Thread Alexandru Gagniuc
Although Falcon mode is very useful in improving boot speed, its
implementation is quite antiquated. A question that Falcon mode asks
is "Where do I look for the kernel". With MMC boot media, the correct
answer is CONFIG_SYS_MMCSD_RAW_MODE_KERNEL_SECTOR.

There are a few things to be said about the wisdom of using a raw
sector as opposed to more elegant schemes. However, changing how
falcon mode works is beyond the scope of this change.

Signed-off-by: Alexandru Gagniuc 
---
 README|  4 
 common/spl/Kconfig| 11 +++
 configs/am335x_boneblack_vboot_defconfig  |  1 +
 configs/am335x_evm_defconfig  |  1 +
 configs/am335x_igep003x_defconfig |  1 +
 configs/am335x_shc_defconfig  |  1 +
 configs/am335x_shc_ict_defconfig  |  1 +
 configs/am335x_shc_netboot_defconfig  |  1 +
 configs/am335x_shc_sdboot_defconfig   |  1 +
 configs/am335x_sl50_defconfig |  1 +
 configs/am3517_evm_defconfig  |  1 +
 configs/am43xx_evm_defconfig  |  1 +
 configs/am43xx_evm_rtconly_defconfig  |  1 +
 configs/am43xx_evm_usbhost_boot_defconfig |  1 +
 configs/am57xx_evm_defconfig  |  1 +
 configs/devkit8000_defconfig  |  1 +
 configs/display5_defconfig|  1 +
 configs/display5_factory_defconfig|  1 +
 configs/dra7xx_evm_defconfig  |  1 +
 configs/gwventana_emmc_defconfig  |  1 +
 configs/gwventana_gw5904_defconfig|  1 +
 configs/gwventana_nand_defconfig  |  1 +
 configs/igep00x0_defconfig|  1 +
 configs/imx6dl_mamoj_defconfig|  1 +
 configs/imx6q_logic_defconfig |  1 +
 configs/imx6qdl_icore_mipi_defconfig  |  1 +
 configs/imx6qdl_icore_mmc_defconfig   |  1 +
 configs/imx6qdl_icore_rqs_defconfig   |  1 +
 configs/mccmon6_nor_defconfig |  1 +
 configs/omap35_logic_defconfig|  1 +
 configs/omap35_logic_somlv_defconfig  |  1 +
 configs/omap3_logic_defconfig |  1 +
 configs/omap3_logic_somlv_defconfig   |  1 +
 configs/omap4_panda_defconfig |  1 +
 configs/omap5_uevm_defconfig  |  1 +
 include/configs/brppt1.h  |  1 -
 include/configs/devkit8000.h  |  2 --
 include/configs/display5.h|  1 -
 include/configs/embestmx6boards.h |  1 -
 include/configs/gw_ventana.h  |  1 -
 include/configs/imx6-engicam.h|  1 -
 include/configs/imx6_logic.h  |  1 -
 include/configs/imx6dl-mamoj.h|  1 -
 include/configs/ls1043ardb.h  |  1 -
 include/configs/mccmon6.h |  1 -
 include/configs/mx6sabreauto.h|  1 -
 include/configs/mx6sabresd.h  |  1 -
 include/configs/pico-imx6.h   |  1 -
 include/configs/pico-imx6ul.h |  1 -
 include/configs/pico-imx7d.h  |  1 -
 include/configs/sama5d3_xplained.h|  1 -
 include/configs/tam3517-common.h  |  1 -
 include/configs/ti_armv7_common.h |  1 -
 include/configs/vyasa-rk3288.h|  1 -
 include/configs/xea.h |  1 -
 include/configs/xilinx_zynqmp.h   |  1 -
 include/configs/zynq-common.h |  1 -
 scripts/config_whitelist.txt  |  1 -
 58 files changed, 44 insertions(+), 28 deletions(-)

diff --git a/README b/README
index 1c1db98098..7df53a9861 100644
--- a/README
+++ b/README
@@ -2182,10 +2182,6 @@ The following options need to be configured:
Partition on the MMC to load U-Boot from when the MMC is being
used in raw mode
 
-   CONFIG_SYS_MMCSD_RAW_MODE_KERNEL_SECTOR
-   Sector to load kernel uImage from when MMC is being
-   used in raw mode (for Falcon mode)
-
CONFIG_SYS_MMCSD_RAW_MODE_ARGS_SECTOR,
CONFIG_SYS_MMCSD_RAW_MODE_ARGS_SECTORS
Sector and number of sectors to load kernel argument
diff --git a/common/spl/Kconfig b/common/spl/Kconfig
index c155a3b5fc..1c6b57af49 100644
--- a/common/spl/Kconfig
+++ b/common/spl/Kconfig
@@ -990,6 +990,17 @@ config SYS_OS_BASE
 
 endif # SPL_OS_BOOT
 
+config SYS_MMCSD_RAW_MODE_KERNEL_SECTOR
+   hex "Falcon mode: Sector to load kernel uImage from MMC"
+   default 0x0
+   depends on SPL_OS_BOOT
+   help
+ When Falcon mode is used with an MMC or SD media, SPL needs to know
+ where to look for the kernel uImage. The image is expected to begin
+ at the raw MMC specified in this config.
+ Note that the Falcon mode image can also be a FIT, if FIT support is
+ enabled.
+
 config SPL_PAYLOAD
string "SPL payload"
default "tpl/u-boot-with-tpl.bin" if TPL
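Review bot: `default 0x0` on SYS_MMCSD_RAW_MODE_KERNEL_SECTOR gives every board that enables SPL_OS_BOOT a value, so a board that never chose a sector now builds and would look for the kernel at sector 0 of the card, where the missing define would presumably have failed the build before. If no sensible default exists, dropping the `default` line, or stating in the help text that 0x0 is a placeholder that must be overridden, keeps that mistake visible. The help text is also missing a word: `at the raw MMC specified in this config` should read `at the raw MMC sector specified in this config`.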
diff --git a/configs/am335x_boneblack_vboot_defconfig 
b/configs/am335x_boneblack_vboot_defco

[PATCH v2 05/11] fdt_support: Implement fdt_ethernet_set_macaddr()

2021-09-07 Thread Alexandru Gagniuc
Oftentimes we have MAC address information stored in a ROM or OTP. The
way to add that to the FDT would be through the u-boot environment,
and then fdt_fixup_ethernet(). This is not very useful in SPL.

It would be more helpful to be able to "set interface x to MAC y".
This is where fdt_ethernet_set_macaddr() comes in. It is similar in
function to fdt_fixup_ethernet(), but only updates one interface,
without using the u-boot env, and without string processing.

Signed-off-by: Alexandru Gagniuc 
---
 common/fdt_support.c  | 30 ++
 include/fdt_support.h | 17 +
 2 files changed, 47 insertions(+)

diff --git a/common/fdt_support.c b/common/fdt_support.c
index 8992ac5d3f..1c43640cf7 100644
--- a/common/fdt_support.c
+++ b/common/fdt_support.c
@@ -610,6 +610,36 @@ void fdt_fixup_ethernet(void *fdt)
}
 }
 
+int fdt_ethernet_set_macaddr(void *fdt, int ethnum, const uint8_t *mac_addr)
+{
+   const char *path, *name;
+   int prop, aliases_node;
+   char eth_name[16] = "ethernet";
+
+   aliases_node = fdt_path_offset(fdt, "/aliases");
+   if (aliases_node < 0)
+   return aliases_node;
+
+   if (ethnum >= 0)
+   sprintf(eth_name, "ethernet%d", ethnum);
+
+   fdt_for_each_property_offset(prop, fdt, aliases_node) {
+   path = fdt_getprop_by_offset(fdt, prop, , NULL);
+   if (!strcmp(name, eth_name))
+   break;
+
+   path = NULL;
+   }
+
+   if (!path)
+   return -FDT_ERR_NOTFOUND;
+
+   do_fixup_by_path(fdt, path, "mac-address", mac_addr, 6, 0);
+   do_fixup_by_path(fdt, path, "local-mac-address", mac_addr, 6, 1);
+
+   return 0;
+}
+
 int fdt_record_loadable(void *blob, u32 index, const char *name,
uintptr_t load_addr, u32 size, uintptr_t entry_point,
const char *type, const char *os, const char *arch)
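Review bot: `sprintf(eth_name, "ethernet%d", ethnum)` can write past `eth_name[16]`: "ethernet" plus an eight-digit index and the terminator needs 17 bytes, and `ethnum` is an unchecked `int`. Use `snprintf(eth_name, sizeof(eth_name), "ethernet%d", ethnum);` or reject out-of-range indexes before formatting. Separately, `path` is tested in `if (!path)` without ever having been assigned when `/aliases` contains no properties, so it should be declared as `const char *path = NULL;`. The result of `fdt_getprop_by_offset()` is also not checked before `name` is handed to `strcmp()`.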
diff --git a/include/fdt_support.h b/include/fdt_support.h
index f6f46bb8e9..3f0bcb5a00 100644
--- a/include/fdt_support.h
+++ b/include/fdt_support.h
@@ -119,6 +119,23 @@ static inline int fdt_fixup_memory_banks(void *blob, u64 
start[], u64 size[],
 #endif
 
 void fdt_fixup_ethernet(void *fdt);
+
+/**
+ * Set the "mac-address" and "local-mac-address" of ethernet node
+ * The ethernet node is located from the "/aliases" section of the fdt. When
+ * 'ethnum' is positive, then the name is matched exactly, e.g "ethernet0".
+ * When ethnum is negative, the first ethernet alias is updated.
+ * Unlike fdt_fixup_ethernet(), this function only updates one ethernet node,
+ * and soes not use the "ethaddr" from the u-boot environment. This is useful,
+ * for example, in SPL, when the environment is not initialized or available.
+ *
+ * @param fdt  FDT blob to update
+ * @param ethnum   Ethernet device index, or negative for any ethernet
+ * @param mac_addr Pointer to 6-byte array containing the MAC address
+ *
+ * @return 0 if ok, or -FDT_ERR_... on error
+ */
+int fdt_ethernet_set_macaddr(void *fdt, int ethnum, const uint8_t *mac_addr);
 int fdt_find_and_setprop(void *fdt, const char *node, const char *prop,
 const void *val, int len, int create);
 void fdt_fixup_qe_firmware(void *fdt);
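Review bot: The kernel-doc for `fdt_ethernet_set_macaddr()` disagrees with the implementation in fdt_support.c on two points. It says the exact-name match applies when `ethnum` is positive, but the code tests `ethnum >= 0`, so index 0 is included; and it says a negative `ethnum` updates the first ethernet alias, while the code only matches an alias named exactly `ethernet`. Suggested wording: `When 'ethnum' is zero or positive, the alias "ethernet<ethnum>" is matched exactly; when it is negative, only an alias named "ethernet" is matched.` The comment also has the typo `soes` for `does`, and could state that -FDT_ERR_NOTFOUND is returned when no alias matches.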
-- 
2.31.1



[PATCH v2 07/11] arm: stm32mp: Factor out reading MAC address from OTP

2021-09-07 Thread Alexandru Gagniuc
Move the reading of the OTP into a separate function. This is
required for a subsequent change which sets the MAC in SPL.

Signed-off-by: Alexandru Gagniuc 
---
 arch/arm/mach-stm32mp/cpu.c | 37 +++--
 1 file changed, 23 insertions(+), 14 deletions(-)

diff --git a/arch/arm/mach-stm32mp/cpu.c b/arch/arm/mach-stm32mp/cpu.c
index eb79f3ffd2..8727de513c 100644
--- a/arch/arm/mach-stm32mp/cpu.c
+++ b/arch/arm/mach-stm32mp/cpu.c
@@ -593,6 +593,28 @@ static void setup_boot_mode(void)
clrsetbits_le32(TAMP_BOOT_CONTEXT, TAMP_BOOT_FORCED_MASK, BOOT_NORMAL);
 }
 
+static int stm32_read_otp_mac(uint8_t enetaddr[ARP_HLEN])
+{
+   struct udevice *dev;
+   int ret, i;
+   u32 otp[2];
+
+   ret = uclass_get_device_by_driver(UCLASS_MISC,
+ DM_DRIVER_GET(stm32mp_bsec),
+ );
+   if (ret)
+   return ret;
+
+   ret = misc_read(dev, STM32_BSEC_SHADOW(BSEC_OTP_MAC), otp, sizeof(otp));
+   if (ret < 0)
+   return ret;
+
+   for (i = 0; i < ARP_HLEN; i++)
+   enetaddr[i] = ((uint8_t *))[i];
+
+   return 0;
+}
+
 /*
  * If there is no MAC address in the environment, then it will be initialized
  * (silently) from the value in the OTP.
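Review bot: `stm32_read_otp_mac()` treats any non-negative `misc_read()` result as a complete read, and `otp` is not initialised. Whether the BSEC driver can return fewer than `sizeof(otp)` bytes is not visible in this hunk; if it can, the copy loop would place stack contents into the MAC address. A cheap guard is `u32 otp[2] = { 0 };` together with `if (ret != sizeof(otp)) return ret < 0 ? ret : -EIO;`. A short comment stating that the function returns 0 or a negative errno and fills all ARP_HLEN bytes would also help the SPL caller added later in the series.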
@@ -601,29 +623,16 @@ __weak int setup_mac_address(void)
 {
 #if defined(CONFIG_NET)
int ret;
-   int i;
-   u32 otp[2];
uchar enetaddr[6];
-   struct udevice *dev;
 
/* MAC already in environment */
if (eth_env_get_enetaddr("ethaddr", enetaddr))
return 0;
 
-   ret = uclass_get_device_by_driver(UCLASS_MISC,
- DM_DRIVER_GET(stm32mp_bsec),
- );
-   if (ret)
-   return ret;
-
-   ret = misc_read(dev, STM32_BSEC_SHADOW(BSEC_OTP_MAC),
-   otp, sizeof(otp));
+   ret = stm32_read_otp_mac(enetaddr);
if (ret < 0)
return ret;
 
-   for (i = 0; i < 6; i++)
-   enetaddr[i] = ((uint8_t *))[i];
-
if (!is_valid_ethaddr(enetaddr)) {
log_err("invalid MAC address in OTP %pM\n", enetaddr);
return -EINVAL;
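Review bot: `uchar enetaddr[6];` in `setup_mac_address()` still hard-codes the length, while the helper it now calls is declared with `uint8_t enetaddr[ARP_HLEN]` and loops up to `ARP_HLEN`. Declaring the buffer as `uchar enetaddr[ARP_HLEN];` keeps the two in step, so a reader does not have to verify that the sizes agree. The function body continues past the end of this hunk.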
-- 
2.31.1



[PATCH v2 06/11] arm: stm32mp: bsec: Update OTP shadow registers in SPL

2021-09-07 Thread Alexandru Gagniuc
For TFABOOT and SPL_BUILD, stm32mp_bsec_probe() skipped updating the
OTP shadow registers. The idea is that we can't access BSEC from the
normal world. This is true with TFABOOT. However, in SPL, we are in
the secure world, so skipping probe is incorrect. In fact, SPL is not
even built when TFABOOT is selected.

Thus, do not skip this step for SPL_BUILD. Note that because SPL is
now doing this step, we no longer need to do it in u-boot. The new
logic is "let the FSBL do it", which is simpler.

Signed-off-by: Alexandru Gagniuc 
---
 arch/arm/mach-stm32mp/bsec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/arm/mach-stm32mp/bsec.c b/arch/arm/mach-stm32mp/bsec.c
index fe39bd80cf..41ed5f3cf5 100644
--- a/arch/arm/mach-stm32mp/bsec.c
+++ b/arch/arm/mach-stm32mp/bsec.c
@@ -503,10 +503,10 @@ static int stm32mp_bsec_probe(struct udevice *dev)
 
/*
 * update unlocked shadow for OTP cleared by the rom code
-* only executed in U-Boot proper when TF-A is not used
+* Executed only by FSBL (SPL or TF-A)
 */
 
-   if (!IS_ENABLED(CONFIG_TFABOOT) && !IS_ENABLED(CONFIG_SPL_BUILD)) {
+   if (IS_ENABLED(CONFIG_SPL_BUILD)) {
plat = dev_get_plat(dev);
 
for (otp = 57; otp <= BSEC_OTP_MAX_VALUE; otp++)
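Review bot: With the condition reduced to `IS_ENABLED(CONFIG_SPL_BUILD)`, U-Boot proper never reloads the OTP shadows and depends entirely on whatever ran before it. That holds when SPL is built from the same tree, but a U-Boot proper from this commit started by an older SPL (which skipped this block) would presumably leave the shadows cleared by the ROM code unpopulated for later readers such as the MAC setup. The comment should state the dependency explicitly, e.g. `* U-Boot proper relies on the FSBL (SPL or TF-A) having done this`. The loop body lies outside this hunk.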
-- 
2.31.1



[PATCH v2 03/11] stm32mp1: Add support for falcon mode boot from SD card

2021-09-07 Thread Alexandru Gagniuc
Falcon mode requires a board-specific mechanism to select between
fast and normal boot. This is done via spl_start_uboot()

Use the USER2 button as the selection mechanism. This is connected to
GPIO PA13. This GPIO is already accessible via the "st,fastboot-gpios"
devicetree node, but it is also aliased as "u-boot,falcon-gpios". This
is the only button on DK2 which is accessible simultaneously with the
RESET button. USER2 is too close, and I can't fit my fingers to press both.

The fact that USER2 is also used for android fastboot is of no
consequence. One can let go of USER2 after SPL but before being
sampled by u-boot. If that is missed, it's okay, u-boot tries to
initialize the ethernet, which can be stopped with a Ctr-C. This
conveniently opens up a u-boot shell.

Offsets for raw MMC loading are defined. These point to the partition
after "ssbl". Offsets for SPI are not defined, and thus SPL_LOAD_SPI
must be disabled to avoid a build failure. The only way to accommodate
this is to add a new defconfig, adventurously named stm32mp1_falcon.

The baudrate is set to 2 Mbaud, as the point of this config is to boot
fast. The default devicetree is set to -dk2. This is because EV1 does
not have a crypto-enabled CPU, and thus enabling ECDSA support would
have made far less sense. That and all the goodies with FIT in SPL
are enabled to give this config some continuous integration TLC.

Signed-off-by: Alexandru Gagniuc 
---
 arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi |   2 +
 board/st/stm32mp1/spl.c  |  39 +
 configs/stm32mp15_falcon_defconfig   | 181 +++
 3 files changed, 222 insertions(+)
 create mode 100644 configs/stm32mp15_falcon_defconfig

diff --git a/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi 
b/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
index 0101962ea5..b314ce2dac 100644
--- a/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
+++ b/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
@@ -16,6 +16,8 @@
u-boot,boot-led = "heartbeat";
u-boot,error-led = "error";
u-boot,mmc-env-partition = "fip";
+   /* This is the same as fastboot-gpios. This is on purpose */
+   u-boot,falcon-gpios = < 13 (GPIO_ACTIVE_LOW | 
GPIO_PULL_UP)>;
st,adc_usb_pd = < 18>, < 19>;
st,fastboot-gpios = < 13 (GPIO_ACTIVE_LOW | 
GPIO_PULL_UP)>;
st,stm32prog-gpios = < 14 (GPIO_ACTIVE_LOW | 
GPIO_PULL_UP)>;
diff --git a/board/st/stm32mp1/spl.c b/board/st/stm32mp1/spl.c
index 8e4549a1b3..921d0190e0 100644
--- a/board/st/stm32mp1/spl.c
+++ b/board/st/stm32mp1/spl.c
@@ -8,6 +8,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include "../common/stpmic1.h"
@@ -29,6 +30,44 @@ int board_early_init_f(void)
return 0;
 }
 
+#if IS_ENABLED(CONFIG_SPL_OS_BOOT)
+int spl_start_uboot(void)
+{
+   ofnode node;
+   struct gpio_desc gpio;
+   int boot_uboot = 1;
+
+   node = ofnode_path("/config");
+   if (!ofnode_valid(node)) {
+   pr_warn("%s: no /config node?\n", __func__);
+   return 0;
+   }
+
+   if (gpio_request_by_name_nodev(node, "u-boot,falcon-gpios", 0, ,
+  GPIOD_IS_IN)) {
+   pr_warn("%s: could not find a /config/u-boot,falcon-gpios\n",
+   __func__);
+   return 1;
+   }
+
+   boot_uboot = dm_gpio_get_value();
+   dm_gpio_free(NULL, );
+
+   return boot_uboot;
+}
+
+#if IS_ENABLED(CONFIG_ARMV7_NONSEC)
+/*
+ * A bit of a hack, but armv7_boot_nonsec() is provided by bootm.c. This is not
+ * available in SPL, so we have to provide an implementation.
+ */
+bool armv7_boot_nonsec(void)
+{
+   return 0;
+}
+#endif /* CONFIG_ARMV7_NONSEC */
+#endif /* CONFIG_SPL_OS_BOOT */
+
 #ifdef CONFIG_DEBUG_UART_BOARD_INIT
 void board_debug_uart_init(void)
 {
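Review bot: The two fallback paths in `spl_start_uboot()` disagree: a missing `/config` node returns 0 (boot the OS directly), while a missing `u-boot,falcon-gpios` property returns 1 (boot U-Boot), and `boot_uboot` is initialised to 1. If falling back to U-Boot is the intended safe default, the first branch should be `return 1;` as well; if not, a comment should explain why an absent node selects falcon mode. `dm_gpio_get_value()` can also return a negative error, which is passed through as "boot U-Boot" without any message. In `armv7_boot_nonsec()`, `return false;` matches the `bool` return type better than `return 0;`.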
diff --git a/configs/stm32mp15_falcon_defconfig 
b/configs/stm32mp15_falcon_defconfig
new file mode 100644
index 00..f86ef41589
--- /dev/null
+++ b/configs/stm32mp15_falcon_defconfig
@@ -0,0 +1,181 @@
+CONFIG_ARM=y
+CONFIG_ARCH_STM32MP=y
+CONFIG_SYS_MALLOC_F_LEN=0x3000
+CONFIG_SYS_MEMTEST_START=0xc000
+CONFIG_SYS_MEMTEST_END=0xc400
+CONFIG_ENV_OFFSET=0x28
+CONFIG_ENV_SECT_SIZE=0x4
+CONFIG_DEFAULT_DEVICE_TREE="stm32mp157c-dk2"
+CONFIG_SPL_TEXT_BASE=0x2FFC2500
+CONFIG_SPL_MMC_SUPPORT=y
+CONFIG_SPL=y
+CONFIG_TARGET_ST_STM32MP15x=y
+CONFIG_CMD_STM32KEY=y
+CONFIG_CMD_STM32PROG=y
+CONFIG_ENV_OFFSET_REDUND=0x2C
+CONFIG_TYPEC_STUSB160X=y
+# CONFIG_ARMV7_VIRT is not set
+CONFIG_DISTRO_DEFAULTS=y
+CONFIG_FIT=y
+CONFIG_SPL_LOAD_FIT=y
+CONFIG_SPL_LOAD_FIT_APPLY_OVERLAY=y
+# CONFIG_USE_SPL_FIT_GENERATOR is not set
+CONFIG_BOOTDELAY=1
+CONFIG_BOOTCOMMAND="run bootcmd_stm32mp"
+CONFIG_SPL_LOG=y
+CONFIG_BOARD_EARLY_INIT_F=y
+CO

[PATCH v2 04/11] board: stm32mp1: Implement board_fit_config_name_match() for SPL

2021-09-07 Thread Alexandru Gagniuc
This function is needed when loading a FIT image from SPL. It selects
the correct configuration node for the current board. Implement it.

Signed-off-by: Alexandru Gagniuc 
---
 board/st/stm32mp1/spl.c | 14 ++
 1 file changed, 14 insertions(+)

diff --git a/board/st/stm32mp1/spl.c b/board/st/stm32mp1/spl.c
index 921d0190e0..7542ee52c9 100644
--- a/board/st/stm32mp1/spl.c
+++ b/board/st/stm32mp1/spl.c
@@ -5,6 +5,7 @@
 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -92,3 +93,16 @@ void board_debug_uart_init(void)
 #endif
 }
 #endif
+
+int board_fit_config_name_match(const char *name)
+{
+   const void *compatible;
+
+   compatible = fdt_getprop(gd->fdt_blob, 0, "compatible", NULL);
+
+   /* only STM boards are supported (currently) */
+   if (strncmp(compatible, "st,", 3) != 0)
+   return 1;
+
+   return !strstr(name, compatible + 3);
+}
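Review bot: `fdt_getprop()` returns NULL when the root node has no `compatible` property, and `board_fit_config_name_match()` passes that straight to `strncmp()`. Add a guard before the prefix test: `if (!compatible) return 1;`. Declaring the variable as `const char *compatible` would also avoid the arithmetic on a `const void *` in `compatible + 3`, which only compiles as a GNU extension. Note that `strstr()` accepts any configuration name that merely contains the board string, so two configurations sharing that substring would both match; an exact comparison is stricter if the FIT naming scheme allows it.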
-- 
2.31.1



[PATCH v2 02/11] stm32mp1: Add support for baudrates higher than 115200

2021-09-07 Thread Alexandru Gagniuc
The UART can reliably go up to 200 baud when connected to the
on-board st-link. Unfortunately u-boot will fall back to 115200 unless
higher rates are declared via CONFIG_SYS_BAUDRATE_TABLE.

Signed-off-by: Alexandru Gagniuc 
Reviewed-by: Patrick Delaunay 
---
 include/configs/stm32mp1.h | 4 
 1 file changed, 4 insertions(+)

diff --git a/include/configs/stm32mp1.h b/include/configs/stm32mp1.h
index b372838be8..9fcd60285a 100644
--- a/include/configs/stm32mp1.h
+++ b/include/configs/stm32mp1.h
@@ -16,6 +16,10 @@
 #define CONFIG_ARMV7_SECURE_MAX_SIZE   STM32_SYSRAM_SIZE
 #endif
 
+#define CONFIG_SYS_BAUDRATE_TABLE  { 9600, 19200, 38400, 57600, 115200, \
+230400, 460800, 921600, \
+100, 200 }
+
 /*
  * Configuration of the external SRAM memory used by U-Boot
  */
-- 
2.31.1



[PATCH v2 00/11] stm32mp1: Support falcon mode with OP-TEE payloads

2021-09-07 Thread Alexandru Gagniuc
My goal when I started on this project a year ago was to get to linux
userspace within a second from power on. Oh, and it had to be secure!
Contrast that to the two minutes it took the STLinux demo to come up.

It was obvious that the accepted way of running an FSBL, then SSBL was
going to blow the time budget. There really wasn't a good solution,
and traditional falcon mode with "spl export" command was not secure.

I chose to use SPL with a FIT payload. We have to add certain logic to
SPL, as well as some FDT modifications that would be normally done in
u-boot. The boot flow is

SPL -> OP-TEE -> Linux


One of the major complaints of v1 was that we shouldn't be patching
the devicetree with optee nodes in SPL. Instead, we should let OP-TEE
add the required nodes. I tried it, found a huge boot time penalty,
and decided against it.

Another issue from v1 that I was unable to address is the MAC address.
It was suggested to use the "nvmem-cells" FDT property to tell linux
where in the OTP to read the MAC. Because of the way the linux BSEC
driver is written, this would only work with TF-A, but fails with SPL.

There is also the issue of how to make the optee/ library available to
SPL. Patrick has a couple of patches up regarding the issue, so I have
not touched it in this series.


Changes since v1:
- Move SYS_MMCSD_RAW_MODE_KERNEL_SECTOR to Kconfig instead of stm32mp1.h
- Create a new defconfig for STM32MP in falcon mode
- Rework board_fit_config_name_match() per Patrick's suggestions
- Use "u-boot,falcon-gpios" instead of "st,fastboot-gpios"
- Only update shadow registers in SPL for BSEC .probe()

Alexandru Gagniuc (11):
  spl: Move SYS_MMCSD_RAW_MODE_KERNEL_SECTOR to Kconfig
  stm32mp1: Add support for baudrates higher than 115200
  stm32mp1: Add support for falcon mode boot from SD card
  board: stm32mp1:  Implement board_fit_config_name_match() for SPL
  fdt_support: Implement fdt_ethernet_set_macaddr()
  arm: stm32mp: bsec: Update OTP shadow registers in SPL
  arm: stm32mp: Factor out reading MAC address from OTP
  stm32mp1: spl: Configure MAC address when booting OP-TEE
  lib: Makefile: Make optee library available in SPL
  ARM: dts: stm32mp: Add OP-TEE "/firmware" node to SPL dtb
  stm32mp1: spl: Copy optee nodes to target FDT for OP-TEE payloads

 README|   4 -
 arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi  |   3 +
 arch/arm/mach-stm32mp/bsec.c  |   4 +-
 arch/arm/mach-stm32mp/cpu.c   |  59 --
 .../arm/mach-stm32mp/include/mach/sys_proto.h |   3 +
 arch/arm/mach-stm32mp/spl.c   |   3 +
 board/st/stm32mp1/spl.c   |  53 +
 common/fdt_support.c  |  30 +++
 common/spl/Kconfig|  11 ++
 configs/am335x_boneblack_vboot_defconfig  |   1 +
 configs/am335x_evm_defconfig  |   1 +
 configs/am335x_igep003x_defconfig |   1 +
 configs/am335x_shc_defconfig  |   1 +
 configs/am335x_shc_ict_defconfig  |   1 +
 configs/am335x_shc_netboot_defconfig  |   1 +
 configs/am335x_shc_sdboot_defconfig   |   1 +
 configs/am335x_sl50_defconfig |   1 +
 configs/am3517_evm_defconfig  |   1 +
 configs/am43xx_evm_defconfig  |   1 +
 configs/am43xx_evm_rtconly_defconfig  |   1 +
 configs/am43xx_evm_usbhost_boot_defconfig |   1 +
 configs/am57xx_evm_defconfig  |   1 +
 configs/devkit8000_defconfig  |   1 +
 configs/display5_defconfig|   1 +
 configs/display5_factory_defconfig|   1 +
 configs/dra7xx_evm_defconfig  |   1 +
 configs/gwventana_emmc_defconfig  |   1 +
 configs/gwventana_gw5904_defconfig|   1 +
 configs/gwventana_nand_defconfig  |   1 +
 configs/igep00x0_defconfig|   1 +
 configs/imx6dl_mamoj_defconfig|   1 +
 configs/imx6q_logic_defconfig |   1 +
 configs/imx6qdl_icore_mipi_defconfig  |   1 +
 configs/imx6qdl_icore_mmc_defconfig   |   1 +
 configs/imx6qdl_icore_rqs_defconfig   |   1 +
 configs/mccmon6_nor_defconfig |   1 +
 configs/omap35_logic_defconfig|   1 +
 configs/omap35_logic_somlv_defconfig  |   1 +
 configs/omap3_logic_defconfig |   1 +
 configs/omap3_logic_somlv_defconfig   |   1 +
 configs/omap4_panda_defconfig |   1 +
 configs/omap5_uevm_defconfig  |   1 +
 configs/stm32mp15_falcon_defconfig| 181 ++
 include/configs/brppt1.h  |   1 -
 include/configs/devkit8000.h  |   2 -
 include/configs/display5.h|   1 -
 include/configs/embestmx6boards.h |   1 -
 includ

[PATCH 4/4] arm: imx: mx7: Move CONFIG_OPTEE_TZDRAM_SIZE from lib/optee

2021-09-07 Thread Alexandru Gagniuc
This config is only used by three boards with this SOC. Most other
platforms derive this information from devicetree, and are unlikely
to ever need this config.

Moreover, it is confusing when Kconfig asks for this value under
"Support OPTEE images", but does not do anything with the value.
Move it to imx7 for those boards who still make use of it.

Signed-off-by: Alexandru Gagniuc 
---
 arch/arm/mach-imx/mx7/Kconfig | 8 
 lib/optee/Kconfig | 8 
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/arch/arm/mach-imx/mx7/Kconfig b/arch/arm/mach-imx/mx7/Kconfig
index adedc01164..26cb10f6a8 100644
--- a/arch/arm/mach-imx/mx7/Kconfig
+++ b/arch/arm/mach-imx/mx7/Kconfig
@@ -23,6 +23,14 @@ config SPL_TEXT_BASE
depends on SPL
default 0x00912000
 
+config OPTEE_TZDRAM_SIZE
+   hex "Amount of Trust-Zone RAM for the OPTEE image"
+   default 0x000
+   depends on OPTEE
+   help
+ The size of pre-allocated Trust Zone DRAM to allocate for the OPTEE
+ runtime.
+
 choice
prompt "MX7 board select"
optional
diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig
index 26677b7548..9d11b5f37d 100644
--- a/lib/optee/Kconfig
+++ b/lib/optee/Kconfig
@@ -7,14 +7,6 @@ config OPTEE
   OPTEE specific checks before booting an OPTEE image created with
   mkimage.
 
-config OPTEE_TZDRAM_SIZE
-   hex "Amount of Trust-Zone RAM for the OPTEE image"
-   default 0x000
-   depends on OPTEE
-   help
- The size of pre-allocated Trust Zone DRAM to allocate for the OPTEE
- runtime.
-
 config BOOTM_OPTEE
bool "Support OPTEE bootm command"
select BOOTM_LINUX
-- 
2.31.1



[PATCH 3/4] lib: optee: Remove CONFIG_OPTEE_LOAD_ADDR

2021-09-07 Thread Alexandru Gagniuc
This value is not used by u-boot, and it should not. The load address
of an OPTEE image is defined by said image. Either a uImage or a FIT
will have a defined load address and entry point. Those values are the
correct ones, not CONFIG_OPTEE_LOAD_ADDR.

Commit f25006b96e9f ("optee: Add CONFIG_OPTEE_LOAD_ADDR") justifies
this config by requiring its presence in u-boot's .config for other
images as part of a larger build, claiming it is "the best way".

This argument is not persuasive. U-boot's configuration is driven by
platform requirements, not the other way around. It seems more likely
that the argument is conflating tooling issues with Kconfig. Yocto and
buildroot have excellent mechanisms for defining values across the
board (pun intended). u-boot's Kconfig is the wrong place to do it.

Furthermore, it is not "best" for u-boot because it hardcodes a value
which is then not used. In fact the load address that u-boot uses is
the one derived from the OPTEE image.

Confused yet? I sure was. To prevent future confusion, remove
CONFIG_OPTEE_LOAD_ADDR.

Signed-off-by: Alexandru Gagniuc 
---
 configs/warp7_defconfig | 1 -
 include/configs/warp7.h | 5 -
 lib/optee/Kconfig   | 7 ---
 3 files changed, 13 deletions(-)

diff --git a/configs/warp7_defconfig b/configs/warp7_defconfig
index 1514019064..b872548464 100644
--- a/configs/warp7_defconfig
+++ b/configs/warp7_defconfig
@@ -71,6 +71,5 @@ CONFIG_USB_GADGET_DOWNLOAD=y
 CONFIG_USB_ETHER=y
 CONFIG_USB_ETH_CDC=y
 CONFIG_USBNET_HOST_ADDR="de:ad:be:af:00:00"
-CONFIG_OPTEE_LOAD_ADDR=0x8400
 CONFIG_OPTEE_TZDRAM_SIZE=0x300
 CONFIG_BOOTM_OPTEE=y
diff --git a/include/configs/warp7.h b/include/configs/warp7.h
index a5d52e3977..0df7e3b146 100644
--- a/include/configs/warp7.h
+++ b/include/configs/warp7.h
@@ -34,10 +34,6 @@
 #define BOOT_SCR_STRING "source ${bootscriptaddr}\0"
 #endif
 
-#ifndef CONFIG_OPTEE_LOAD_ADDR
-#define CONFIG_OPTEE_LOAD_ADDR 0
-#endif
-
 #define CONFIG_EXTRA_ENV_SETTINGS \
CONFIG_DFU_ENV_SETTINGS \
"script=boot.scr\0" \
@@ -52,7 +48,6 @@
"fdt_file=imx7s-warp.dtb\0" \
"fdt_addr=" __stringify(CONFIG_SYS_FDT_ADDR)"\0" \
"fdtovaddr=0x8310\0" \
-   "optee_addr=" __stringify(CONFIG_OPTEE_LOAD_ADDR)"\0" \
"boot_fdt=try\0" \
"ip_dyn=yes\0" \
"mmcdev="__stringify(CONFIG_SYS_MMC_ENV_DEV)"\0" \
diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig
index 831e9f4ac6..26677b7548 100644
--- a/lib/optee/Kconfig
+++ b/lib/optee/Kconfig
@@ -7,13 +7,6 @@ config OPTEE
   OPTEE specific checks before booting an OPTEE image created with
   mkimage.
 
-config OPTEE_LOAD_ADDR
-   hex "OPTEE load address"
-   default 0x
-   depends on OPTEE
-   help
- The load address of the bootable OPTEE binary.
-
 config OPTEE_TZDRAM_SIZE
hex "Amount of Trust-Zone RAM for the OPTEE image"
default 0x000
-- 
2.31.1



[PATCH 2/4] lib: optee: Remove CONFIG_OPTEE_TZDRAM_BASE

2021-09-07 Thread Alexandru Gagniuc
It is no longer used in u-boot. Information about the TZDRAM location
is usually available in the devicetree as "/reserved-memory/" nodes.
Because this isn't used, remove it.

Signed-off-by: Alexandru Gagniuc 
---
 configs/warp7_bl33_defconfig | 1 -
 configs/warp7_defconfig  | 1 -
 lib/optee/Kconfig| 8 
 3 files changed, 10 deletions(-)

diff --git a/configs/warp7_bl33_defconfig b/configs/warp7_bl33_defconfig
index ec078178ab..f9c0add926 100644
--- a/configs/warp7_bl33_defconfig
+++ b/configs/warp7_bl33_defconfig
@@ -67,4 +67,3 @@ CONFIG_USB_ETH_CDC=y
 CONFIG_USBNET_HOST_ADDR="de:ad:be:af:00:00"
 CONFIG_OF_LIBFDT_OVERLAY=y
 CONFIG_OPTEE_TZDRAM_SIZE=0x0200
-CONFIG_OPTEE_TZDRAM_BASE=0x9e00
diff --git a/configs/warp7_defconfig b/configs/warp7_defconfig
index 19c0c183f7..1514019064 100644
--- a/configs/warp7_defconfig
+++ b/configs/warp7_defconfig
@@ -73,5 +73,4 @@ CONFIG_USB_ETH_CDC=y
 CONFIG_USBNET_HOST_ADDR="de:ad:be:af:00:00"
 CONFIG_OPTEE_LOAD_ADDR=0x8400
 CONFIG_OPTEE_TZDRAM_SIZE=0x300
-CONFIG_OPTEE_TZDRAM_BASE=0x9d00
 CONFIG_BOOTM_OPTEE=y
diff --git a/lib/optee/Kconfig b/lib/optee/Kconfig
index c398f9b953..831e9f4ac6 100644
--- a/lib/optee/Kconfig
+++ b/lib/optee/Kconfig
@@ -22,14 +22,6 @@ config OPTEE_TZDRAM_SIZE
  The size of pre-allocated Trust Zone DRAM to allocate for the OPTEE
  runtime.
 
-config OPTEE_TZDRAM_BASE
-   hex "Base address of Trust-Zone RAM for the OPTEE image"
-   default 0x
-   depends on OPTEE
-   help
- The base address of pre-allocated Trust Zone DRAM for
- the OPTEE runtime.
-
 config BOOTM_OPTEE
bool "Support OPTEE bootm command"
select BOOTM_LINUX
-- 
2.31.1



[PATCH 1/4] lib: optee: Avoid CONFIG_TZDRAM_* in optee_verify_bootm_image()

2021-09-07 Thread Alexandru Gagniuc
The configs TZDRAM_BASE and TZDRAM_SIZE are expected to describe the
memory allocated to the OPTEE region, according to commit
c5a6e8bd00cc ("optee: Add optee_verify_bootm_image()"). The TZDRAM is,
with some limitations, described by "/reserved-memory" nodes in the
devicetree.

Consequently TZDRAM_BASE and TZDRAM_SIZE can point to imaginary
regions which have nothing to do with actual DRAM. They are not used
to configure the hardware or set up the Trust Zone Controller (TZC)
for OP-TEE -- the devicetree values are used instead.

When a valid OP-TEE image does not fall within the region described by
these configs, u-boot will refuse to load it. In fact, it mostly
serves to cause "bootm" to reject perfectly good OP-TEE images.

Ironically, someone has to correctly configure the devicetree for
TZDRAM, then go back and enter the same information in Kconfig for
"bootm". To remedy this, do not use TZDRAM_BASE and TZDRAM_SIZE in the
verification of OPTEE images.

Signed-off-by: Alexandru Gagniuc 
---
 include/tee/optee.h | 14 --
 lib/optee/optee.c   | 21 ++---
 2 files changed, 6 insertions(+), 29 deletions(-)

diff --git a/include/tee/optee.h b/include/tee/optee.h
index ebdfe5e98d..764a55b264 100644
--- a/include/tee/optee.h
+++ b/include/tee/optee.h
@@ -43,20 +43,6 @@ optee_image_get_load_addr(const struct image_header *hdr)
return optee_image_get_entry_point(hdr) - sizeof(struct optee_header);
 }
 
-#if defined(CONFIG_OPTEE)
-int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start,
-  unsigned long tzdram_len, unsigned long image_len);
-#else
-static inline int optee_verify_image(struct optee_header *hdr,
-unsigned long tzdram_start,
-unsigned long tzdram_len,
-unsigned long image_len)
-{
-   return -EPERM;
-}
-
-#endif
-
 #if defined(CONFIG_OPTEE)
 int optee_verify_bootm_image(unsigned long image_addr,
 unsigned long image_load_addr,
diff --git a/lib/optee/optee.c b/lib/optee/optee.c
index 672690dc53..67e46d71d6 100644
--- a/lib/optee/optee.c
+++ b/lib/optee/optee.c
@@ -16,14 +16,12 @@
 
 #define optee_hdr_err_msg \
"OPTEE verification error:" \
-   "\n\thdr=%p image=0x%08lx magic=0x%08x tzdram 0x%08lx-0x%08lx " \
+   "\n\thdr=%p image=0x%08lx magic=0x%08x" \
"\n\theader lo=0x%08x hi=0x%08x size=0x%08lx arch=0x%08x" \
"\n\tuimage params 0x%08lx-0x%08lx\n"
 
-int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start,
-  unsigned long tzdram_len, unsigned long image_len)
+static int optee_verify_image(struct optee_header *hdr, unsigned long 
image_len)
 {
-   unsigned long tzdram_end = tzdram_start + tzdram_len;
uint32_t tee_file_size;
 
tee_file_size = hdr->init_size + hdr->paged_size +
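Review bot: After this change `optee_verify_image()` no longer checks the header's load address against anything: the `tzdram_*` parameters go away here and the range comparisons are dropped in the next hunk, leaving only magic, version and `tee_file_size != image_len`. The fields `init_load_addr_hi` and `init_load_addr_lo` are still printed on error but never validated, so a comment on the function should say that image placement is not verified by `bootm`. A follow-up that compares the load range with the devicetree `/reserved-memory` region would restore the bound without the Kconfig values. `tee_file_size` is a `uint32_t` sum of header fields (the expression continues outside this hunk), so a wrapped sum can still equal `image_len`; computing it in a wider type would close that gap.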
@@ -31,11 +29,7 @@ int optee_verify_image(struct optee_header *hdr, unsigned 
long tzdram_start,
 
if (hdr->magic != OPTEE_MAGIC ||
hdr->version != OPTEE_VERSION ||
-   hdr->init_load_addr_hi > tzdram_end ||
-   hdr->init_load_addr_lo < tzdram_start ||
-   tee_file_size > tzdram_len ||
-   tee_file_size != image_len ||
-   (hdr->init_load_addr_lo + tee_file_size) > tzdram_end) {
+   tee_file_size != image_len) {
return -EINVAL;
}
 
@@ -47,12 +41,9 @@ int optee_verify_bootm_image(unsigned long image_addr,
 unsigned long image_len)
 {
struct optee_header *hdr = (struct optee_header *)image_addr;
-   unsigned long tzdram_start = CONFIG_OPTEE_TZDRAM_BASE;
-   unsigned long tzdram_len = CONFIG_OPTEE_TZDRAM_SIZE;
-
int ret;
 
-   ret = optee_verify_image(hdr, tzdram_start, tzdram_len, image_len);
+   ret = optee_verify_image(hdr, image_len);
if (ret)
goto error;
 
@@ -63,8 +54,8 @@ int optee_verify_bootm_image(unsigned long image_addr,
 
return ret;
 error:
-   printf(optee_hdr_err_msg, hdr, image_addr, hdr->magic, tzdram_start,
-  tzdram_start + tzdram_len, hdr->init_load_addr_lo,
+   printf(optee_hdr_err_msg, hdr, image_addr, hdr->magic,
+  hdr->init_load_addr_lo,
   hdr->init_load_addr_hi, image_len, hdr->arch, image_load_addr,
   image_load_addr + image_len);
 
-- 
2.31.1



[PATCH 0/4] Repeal and replace TZDRAM_ related config options

2021-09-07 Thread Alexandru Gagniuc
When enabling OPTEE support in the config menu, one is asked for the
TZDRAM region and OPTEE load address. It would seem that these are
very important values, not just some half-assed bollocks.

There are currently three sources of information regarding OPTEE and
its associated DRAM region:
1) Devicetree "/reserved-memory" nodes
2) uImage and FIT load-address and entry-point
3) The CONFIG_s currently under scrutiny

(1) and (2) are sufficient to identify and reject OP-TEE images which
fall outside TZDRAM. Such a check might make sense in the context of
not bricking a device. But if an incompatible image was already
installed, the device is likely soft-bricked anyway and needs manual
intervention. This series doesn't implement such a check.

It is possible for (1) and (3) to be in conflict. Because the values
in (3) default to 0x0, it is very likely to happen. Such a situation
causes the "bootm" command to reject otherwise valid OP-TEE images.
Thus a perfectly tuned u-boot which doesn't also set (3) will be
non-functional with respect to OP-TEE images.

This becomes confusing, and has caused yours truly a disproportionate
amount of grief.
Fortunately, SPL can also load OP-TEE images, and does not even look
at the values in (3). It only uses (1) and (2) to determine the
appropriate values for firing up OP-TEE. It is more reliable and easy
to use than "bootm".

We are able to remove these configs without breaking anything. This
also resolves the problems with "bootm" mentioned earlier.

I hypothesize that one could re-add the removed checks from
optee_verify_image() by deriving TZDRAM information from (1) instead
of (3). I chose not to implement it because I don't see the value.



Alexandru Gagniuc (4):
  lib: optee: Avoid CONFIG_TZDRAM_* in optee_verify_bootm_image()
  lib: optee: Remove CONFIG_OPTEE_TZDRAM_BASE
  lib: optee: Remove CONFIG_OPTEE_LOAD_ADDR
  arm: imx: mx7: Move CONFIG_OPTEE_TZDRAM_SIZE from lib/optee

 arch/arm/mach-imx/mx7/Kconfig |  8 
 configs/warp7_bl33_defconfig  |  1 -
 configs/warp7_defconfig   |  2 --
 include/configs/warp7.h   |  5 -
 include/tee/optee.h   | 14 --
 lib/optee/Kconfig | 23 ---
 lib/optee/optee.c | 21 ++---
 7 files changed, 14 insertions(+), 60 deletions(-)

-- 
2.31.1



[PATCH v2 4/6] common: Move MD5 hash to hash_algo[] array.

2021-09-02 Thread Alexandru Gagniuc
MD5 is being called directly in some places, but it is not available
via hash_lookup_algo("md5"). This is inconsistent with other hashing
routines. To resolve this, add an "md5" entry to hash_algos[].

The #ifdef clause looks funnier than those for other entries. This is
because both MD5 and SPL_MD5 configs exist, whereas the other hashes
do not have "SPL_" entries. The long term plan is to get rid of the
ifdefs, so those should not be expected to survive much longer.

The md5 entry does not have .hash_init/update/finish members. That's
okay because hash_progressive_lookup_algo() will catch that, and
return -EPROTONOSUPPORT, while hash_lookup_algo() will return the
correct pointer.

Signed-off-by: Alexandru Gagniuc 
---
 common/hash.c| 13 +
 include/image.h  |  1 +
 include/u-boot/md5.h |  6 --
 lib/md5.c|  4 ++--
 4 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/common/hash.c b/common/hash.c
index dca23635ab..4587d78301 100644
--- a/common/hash.c
+++ b/common/hash.c
@@ -207,12 +207,25 @@ static int hash_finish_crc32(struct hash_algo *algo, void 
*ctx, void *dest_buf,
return 0;
 }
 
+#ifdef USE_HOSTCC
+# define I_WANT_MD51
+#else
+# define I_WANT_MD5IS_ENABLED(MD5)
+#endif
 /*
  * These are the hash algorithms we support.  If we have hardware acceleration
  * is enable we will use that, otherwise a software version of the algorithm.
  * Note that algorithm names must be in lower case.
  */
 static struct hash_algo hash_algo[] = {
+#if I_WANT_MD5
+   {
+   .name   = "md5",
+   .digest_size= MD5_SUM_LEN,
+   .chunk_size = CHUNKSZ_MD5,
+   .hash_func_ws   = md5_wd,
+   },
+#endif
 #ifdef CONFIG_SHA1
{
.name   = "sha1",
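Review bot: `IS_ENABLED(MD5)` in the non-host branch of `I_WANT_MD5` is given the bare symbol name. Assuming U-Boot's usual helper semantics, where `IS_ENABLED()` expects the full `CONFIG_` name, it evaluates to 0 and the `md5` entry would never be compiled into target or SPL builds. The commit message says both MD5 and SPL_MD5 exist, which is the case `CONFIG_IS_ENABLED()` is for: `# define I_WANT_MD5 CONFIG_IS_ENABLED(MD5)`. The `hash_algo[]` initializer continues outside the hunk.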
diff --git a/include/image.h b/include/image.h
index 489b220eba..e4b9cd0df2 100644
--- a/include/image.h
+++ b/include/image.h
@@ -31,6 +31,7 @@ struct fdt_region;
 #define IMAGE_ENABLE_OF_LIBFDT 1
 #define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */
 #define CONFIG_FIT_RSASSA_PSS 1
+#define CONFIG_MD5
 #define CONFIG_SHA1
 #define CONFIG_SHA256
 #define CONFIG_SHA384
diff --git a/include/u-boot/md5.h b/include/u-boot/md5.h
index e09c16a6e3..6d48592aa6 100644
--- a/include/u-boot/md5.h
+++ b/include/u-boot/md5.h
@@ -8,6 +8,8 @@
 
 #include "compiler.h"
 
+#define MD5_SUM_LEN16
+
 struct MD5Context {
__u32 buf[4];
__u32 bits[2];
@@ -28,7 +30,7 @@ void md5 (unsigned char *input, int len, unsigned char 
output[16]);
  * 'output' must have enough space to hold 16 bytes. If 'chunk' Trigger the
  * watchdog every 'chunk_sz' bytes of input processed.
  */
-void md5_wd (unsigned char *input, int len, unsigned char output[16],
-   unsigned int chunk_sz);
+void md5_wd(const unsigned char *input, unsigned int len,
+unsigned char output[16], unsigned int chunk_sz);
 
 #endif /* _MD5_H */
diff --git a/lib/md5.c b/lib/md5.c
index 2ae4a06319..e2ba622ea4 100644
--- a/lib/md5.c
+++ b/lib/md5.c
@@ -284,12 +284,12 @@ md5 (unsigned char *input, int len, unsigned char 
output[16])
  * watchdog every 'chunk_sz' bytes of input processed.
  */
 void
-md5_wd (unsigned char *input, int len, unsigned char output[16],
+md5_wd(const unsigned char *input, unsigned int len, unsigned char output[16],
unsigned int chunk_sz)
 {
struct MD5Context context;
 #if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
-   unsigned char *end, *curr;
+   const unsigned char *end, *curr;
int chunk;
 #endif
 
-- 
2.31.1



[PATCH v2 3/6] common/spl: Drop [ST]PL_HASH_SUPPORT in favor of [ST]PL_HASH

2021-09-02 Thread Alexandru Gagniuc
All of these configs exist. Stick to using CONFIG_[ST]PL_HASH, and drop all
references to CONFIG_[ST]PL_HASH_SUPPORT.  This means CHAIN_OF_TRUST now
needs to select SPL_HASH.

Signed-off-by: Alexandru Gagniuc 
[trini: Add TPL case, fix CHAIN_OF_TRUST, other tweaks]
Signed-off-by: Tom Rini 
---
 board/freescale/common/Kconfig|  1 +
 common/Kconfig.boot   |  2 +-
 common/Makefile   |  4 +---
 common/spl/Kconfig| 23 +--
 ...s1021atwr_sdcard_ifc_SECURE_BOOT_defconfig |  1 -
 configs/ls1043ardb_nand_SECURE_BOOT_defconfig |  1 -
 .../ls1043ardb_sdcard_SECURE_BOOT_defconfig   |  1 -
 .../ls1046ardb_sdcard_SECURE_BOOT_defconfig   |  1 -
 ...1088ardb_sdcard_qspi_SECURE_BOOT_defconfig |  1 -
 include/configs/xilinx_zynqmp.h   |  2 +-
 lib/Makefile  |  2 +-
 11 files changed, 6 insertions(+), 33 deletions(-)

diff --git a/board/freescale/common/Kconfig b/board/freescale/common/Kconfig
index ab9c14ae88..35a6115e5e 100644
--- a/board/freescale/common/Kconfig
+++ b/board/freescale/common/Kconfig
@@ -4,6 +4,7 @@ config CHAIN_OF_TRUST
imply CMD_HASH if ARM
select FSL_CAAM
select SPL_BOARD_INIT if (ARM && SPL)
+   select SPL_HASH if (ARM && SPL)
select SHA_HW_ACCEL
select SHA_PROG_HW_ACCEL
select ENV_IS_NOWHERE
diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index 2399d5849e..314f1e50a0 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -157,7 +157,7 @@ config SPL_FIT_SIGNATURE
select FIT_SIGNATURE
select SPL_FIT
select SPL_CRYPTO
-   select SPL_HASH_SUPPORT
+   select SPL_HASH
imply SPL_RSA
imply SPL_RSA_VERIFY
select SPL_IMAGE_SIGN_INFO
diff --git a/common/Makefile b/common/Makefile
index 9063ed9391..ae0430c35f 100644
--- a/common/Makefile
+++ b/common/Makefile
@@ -8,7 +8,6 @@ ifndef CONFIG_SPL_BUILD
 obj-y += init/
 obj-y += main.o
 obj-y += exports.o
-obj-$(CONFIG_HASH) += hash.o
 obj-$(CONFIG_HUSH_PARSER) += cli_hush.o
 obj-$(CONFIG_AUTOBOOT) += autoboot.o
 
@@ -66,8 +65,6 @@ ifdef CONFIG_SPL_BUILD
 ifdef CONFIG_SPL_DFU
 obj-$(CONFIG_DFU_OVER_USB) += dfu.o
 endif
-obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o
-obj-$(CONFIG_TPL_HASH_SUPPORT) += hash.o
 obj-$(CONFIG_SPL_LOAD_FIT) += common_fit.o
 obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o
 obj-$(CONFIG_$(SPL_TPL_)OF_LIBFDT) += fdt_support.o
@@ -105,6 +102,7 @@ endif
 endif
 
 obj-y += image.o
+obj-$(CONFIG_$(SPL_TPL_)HASH) += hash.o
 obj-$(CONFIG_ANDROID_AB) += android_ab.o
 obj-$(CONFIG_ANDROID_BOOT_IMAGE) += image-android.o image-android-dt.o
 obj-$(CONFIG_$(SPL_TPL_)OF_LIBFDT) += image-fdt.o
diff --git a/common/spl/Kconfig b/common/spl/Kconfig
index d69d1fa5f7..29a46c4787 100644
--- a/common/spl/Kconfig
+++ b/common/spl/Kconfig
@@ -477,27 +477,6 @@ config SPL_CRYPTO
  this option to build the drivers in drivers/crypto as part of an
  SPL build.
 
-config SPL_HASH_SUPPORT
-   bool "Support hashing drivers"
-   select SHA1
-   select SHA256
-   help
- Enable hashing drivers in SPL. These drivers can be used to
- accelerate secure boot processing in secure applications. Enable
- this option to build system-specific drivers for hash acceleration
- as part of an SPL build.
-
-config TPL_HASH_SUPPORT
-   bool "Support hashing drivers in TPL"
-   depends on TPL
-   select SHA1
-   select SHA256
-   help
- Enable hashing drivers in SPL. These drivers can be used to
- accelerate secure boot processing in secure applications. Enable
- this option to build system-specific drivers for hash acceleration
- as part of an SPL build.
-
 config SPL_DMA
bool "Support DMA drivers"
help
@@ -1193,7 +1172,7 @@ config SPL_USB_ETHER
 
 config SPL_DFU
bool "Support DFU (Device Firmware Upgrade)"
-   select SPL_HASH_SUPPORT
+   select SPL_HASH
select SPL_DFU_NO_RESET
depends on SPL_RAM_SUPPORT
help
diff --git a/configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig 
b/configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig
index 78196e6485..f9d551c6a8 100644
--- a/configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig
+++ b/configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig
@@ -31,7 +31,6 @@ CONFIG_SPL_FSL_PBL=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0xe8
 CONFIG_SPL_CRYPTO=y
-CONFIG_SPL_HASH_SUPPORT=y
 CONFIG_SPL_ENV_SUPPORT=y
 CONFIG_SPL_I2C=y
 CONFIG_SPL_MPC8XXX_INIT_DDR_SUPPORT=y
diff --git a/configs/ls1043ardb_nand_SECURE_BOOT_defconfig 
b/configs/ls1043ardb_nand_SECURE_BOOT_defconfig
index 3736445d47..2733ca8358 100644
--- a/configs/ls1043ardb_nand_SECURE_BOOT_defconfig
+++ b/configs/ls1043ardb_nand_SECU

[PATCH v2 5/6] image: Drop if/elseif hash selection in calculate_hash()

2021-09-02 Thread Alexandru Gagniuc
calculate_hash() would try to select the appropriate hashing function
by an if/elseif construct. But that is exactly why hash_lookup_algo()
exists, so use it instead.

This does mean that we now have to 'select HASH' to make sure we get
the hash_lookup_algo() symbol. However, the change makes sense because
even basic FITs will have to deal with "hash" nodes.

My only concern is that the 'select SPL_HASH' might cause some
platform to grow above its SPL size allowance

Signed-off-by: Alexandru Gagniuc 
---
 common/Kconfig.boot|  2 ++
 common/image-fit.c | 45 --
 drivers/crypto/fsl/Kconfig |  2 ++
 3 files changed, 23 insertions(+), 26 deletions(-)

diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index 314f1e50a0..c2d6c89372 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -13,6 +13,7 @@ config FIT
bool "Support Flattened Image Tree"
select MD5
select SHA1
+   select HASH
help
  This option allows you to boot the new uImage structure,
  Flattened Image Tree.  FIT is formally a FDT, which can include
@@ -133,6 +134,7 @@ if SPL
 config SPL_FIT
bool "Support Flattened Image Tree within SPL"
depends on SPL
+   select SPL_HASH
select SPL_OF_LIBFDT
 
 config SPL_FIT_PRINT
diff --git a/common/image-fit.c b/common/image-fit.c
index aff4670be3..92d9141bcd 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -1193,6 +1193,12 @@ int fit_set_timestamp(void *fit, int noffset, time_t 
timestamp)
return 0;
 }
 
+static void crc32_uimage_fixup(void *value)
+{
+   /* TODO: In C, this type punning is undefined behavior: */
+   *((uint32_t *)value) = cpu_to_uimage(*((uint32_t *)value));
+}
+
 /**
  * calculate_hash - calculate and return hash for provided input data
  * @data: pointer to the input data
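Review bot: `crc32_uimage_fixup()` reads and writes the digest through a `uint32_t *` cast of a buffer that `calculate_hash()` receives as `uint8_t *value`, which the TODO itself admits is undefined. Besides aliasing, nothing in the hunk guarantees that the buffer is 4-byte aligned. Going through a local with `memcpy()` produces the same bytes without either assumption and lets the TODO be dropped.

```c
static void crc32_uimage_fixup(void *value)
{
	uint32_t crc;

	/* Copy through a local so the access is alignment- and aliasing-safe. */
	memcpy(&crc, value, sizeof(crc));
	crc = cpu_to_uimage(crc);
	memcpy(value, &crc, sizeof(crc));
}
```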
@@ -1211,37 +1217,24 @@ int fit_set_timestamp(void *fit, int noffset, time_t 
timestamp)
  * 0, on success
  *-1, when algo is unsupported
  */
-int calculate_hash(const void *data, int data_len, const char *algo,
+int calculate_hash(const void *data, int data_len, const char *name,
uint8_t *value, int *value_len)
 {
-   if (IMAGE_ENABLE_CRC32 && strcmp(algo, "crc32") == 0) {
-   *((uint32_t *)value) = crc32_wd(0, data, data_len,
-   CHUNKSZ_CRC32);
-   *((uint32_t *)value) = cpu_to_uimage(*((uint32_t *)value));
-   *value_len = 4;
-   } else if (CONFIG_IS_ENABLED(SHA1) && strcmp(algo, "sha1") == 0) {
-   sha1_csum_wd((unsigned char *)data, data_len,
-(unsigned char *)value, CHUNKSZ_SHA1);
-   *value_len = 20;
-   } else if (CONFIG_IS_ENABLED(SHA256) && strcmp(algo, "sha256") == 0) {
-   sha256_csum_wd((unsigned char *)data, data_len,
-  (unsigned char *)value, CHUNKSZ_SHA256);
-   *value_len = SHA256_SUM_LEN;
-   } else if (CONFIG_IS_ENABLED(SHA384) && strcmp(algo, "sha384") == 0) {
-   sha384_csum_wd((unsigned char *)data, data_len,
-  (unsigned char *)value, CHUNKSZ_SHA384);
-   *value_len = SHA384_SUM_LEN;
-   } else if (CONFIG_IS_ENABLED(SHA512) && strcmp(algo, "sha512") == 0) {
-   sha512_csum_wd((unsigned char *)data, data_len,
-  (unsigned char *)value, CHUNKSZ_SHA512);
-   *value_len = SHA512_SUM_LEN;
-   } else if (IMAGE_ENABLE_MD5 && strcmp(algo, "md5") == 0) {
-   md5_wd((unsigned char *)data, data_len, value, CHUNKSZ_MD5);
-   *value_len = 16;
-   } else {
+   struct hash_algo *algo;
+   int ret;
+
+   ret = hash_lookup_algo(name, );
+   if (ret < 0) {
debug("Unsupported hash alogrithm\n");
return -1;
}
+
+   algo->hash_func_ws(data, data_len, value, algo->chunk_size);
+   *value_len = algo->digest_size;
+
+   if (!strcmp(name, "crc32"))
+   crc32_uimage_fixup(value);
+
return 0;
 }
 
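Review bot: `algo->hash_func_ws(data, data_len, value, algo->chunk_size)` writes `algo->digest_size` bytes into `value` for whichever name the lookup resolves, yet the function has no way to know how large the caller's buffer is. `name` is presumably taken from the hash node of the image being checked, and the reachable digests are no longer spelled out in the if/else chain but are whatever the hash table contains. The buffer contract should therefore be written into the kernel-doc, e.g. `@value: output buffer, must hold the largest digest_size of any enabled algorithm`. The kernel-doc lines between the two hunks are not shown and presumably still describe the renamed parameter as `@algo`, which should become `@name`.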
diff --git a/drivers/crypto/fsl/Kconfig b/drivers/crypto/fsl/Kconfig
index 1f5dfb94bb..e467ab1b71 100644
--- a/drivers/crypto/fsl/Kconfig
+++ b/drivers/crypto/fsl/Kconfig
@@ -1,6 +1,8 @@
 config FSL_CAAM
bool "Freescale Crypto Driver Support"
select SHA_HW_ACCEL
+   # hw_sha1() under drivers/crypto, and needed with SHA_HW_ACCEL
+   imply SPL_CRYPTO
imply CMD_HASH
help
  Enables the Freescale's Cryptographic Accelerator and Assurance
-- 
2.31.1



[PATCH v2 6/6] image: Drop IMAGE_ENABLE_{MD5, CRC32} #defines

2021-09-02 Thread Alexandru Gagniuc
These are no longer used, so drop them.

Signed-off-by: Alexandru Gagniuc 
---
 include/image.h | 20 
 1 file changed, 20 deletions(-)

diff --git a/include/image.h b/include/image.h
index e4b9cd0df2..98b33d0629 100644
--- a/include/image.h
+++ b/include/image.h
@@ -60,26 +60,6 @@ struct fdt_region;
 #include 
 #include 
 #include 
-# ifdef CONFIG_SPL_BUILD
-#  ifdef CONFIG_SPL_CRC32
-#   define IMAGE_ENABLE_CRC32  1
-#  endif
-#  ifdef CONFIG_SPL_MD5
-#   define IMAGE_ENABLE_MD51
-#  endif
-# else
-#  define IMAGE_ENABLE_CRC32   1
-#  define IMAGE_ENABLE_MD5 1
-# endif
-
-#ifndef IMAGE_ENABLE_CRC32
-#define IMAGE_ENABLE_CRC32 0
-#endif
-
-#ifndef IMAGE_ENABLE_MD5
-#define IMAGE_ENABLE_MD5   0
-#endif
-
 #endif /* IMAGE_ENABLE_FIT */
 
 #ifdef CONFIG_SYS_BOOT_GET_CMDLINE
-- 
2.31.1



[PATCH v2 2/6] lib: Drop SHA512_ALGO in lieu of SHA512

2021-09-02 Thread Alexandru Gagniuc
SHA512_ALGO was used as a "either SHA512 or SHA384", although the
implementations of these two algorithms share a majority of code.

From a Kconfig interface perspective, it makes sense to present two
distinct options. This requires #ifdefing out the SHA512
implementation from sha512.c. The latter doesn't make any sense.

It's reasonable to say in Kconfig that SHA384 depends on SHA512, and
seems to be the more polite way to handle the selection.

Thus, automatically select SHA512 when SHA384 is enabled.

Signed-off-by: Alexandru Gagniuc 
---
 arch/arm/mach-socfpga/Kconfig |  2 +-
 lib/Kconfig   | 12 
 lib/Makefile  |  2 +-
 lib/crypt/Kconfig |  2 +-
 lib/efi_loader/Kconfig|  2 +-
 lib/sha512.c  |  2 --
 6 files changed, 8 insertions(+), 14 deletions(-)

diff --git a/arch/arm/mach-socfpga/Kconfig b/arch/arm/mach-socfpga/Kconfig
index f4791c1ebe..bddfd44427 100644
--- a/arch/arm/mach-socfpga/Kconfig
+++ b/arch/arm/mach-socfpga/Kconfig
@@ -11,7 +11,7 @@ config SOCFPGA_SECURE_VAB_AUTH
depends on TARGET_SOCFPGA_AGILEX || TARGET_SOCFPGA_N5X
select FIT_IMAGE_POST_PROCESS
select SHA384
-   select SHA512_ALGO
+   select SHA512
select SPL_FIT_IMAGE_POST_PROCESS
help
 All images loaded from FIT will be authenticated by Secure Device
diff --git a/lib/Kconfig b/lib/Kconfig
index c535147aea..48565a4169 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -375,14 +375,9 @@ config SHA256
  The SHA256 algorithm produces a 256-bit (32-byte) hash value
  (digest).
 
-config SHA512_ALGO
-   bool "Enable SHA512 algorithm"
-   help
- This option enables support of internal SHA512 algorithm.
 
 config SHA512
bool "Enable SHA512 support"
-   depends on SHA512_ALGO
help
  This option enables support of hashing using SHA512 algorithm.
  The hash is calculated in software.
@@ -391,10 +386,11 @@ config SHA512
 
 config SHA384
bool "Enable SHA384 support"
-   depends on SHA512_ALGO
+   select SHA512
help
  This option enables support of hashing using SHA384 algorithm.
- The hash is calculated in software.
+ The hash is calculated in software. This is also selects SHA512,
+ because these implementations share the bulk of the code..
  The SHA384 algorithm produces a 384-bit (48-byte) hash value
  (digest).
 
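Review bot: The new SHA384 help text has two slips, `This is also selects SHA512` and a doubled full stop after `code`. Suggested wording: `This also selects SHA512, because the two implementations share the bulk of the code.`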
@@ -409,7 +405,7 @@ if SHA_HW_ACCEL
 
 config SHA512_HW_ACCEL
bool "Enable hardware acceleration for SHA512"
-   depends on SHA512_ALGO
+   depends on SHA512
help
  This option enables hardware acceleration for the SHA384 and SHA512
  hashing algorithms. This affects the 'hash' command and also the
diff --git a/lib/Makefile b/lib/Makefile
index 8ba745faa0..6aa48ca3d5 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -65,7 +65,7 @@ obj-$(CONFIG_$(SPL_)RSA) += rsa/
 obj-$(CONFIG_HASH) += hash-checksum.o
 obj-$(CONFIG_SHA1) += sha1.o
 obj-$(CONFIG_SHA256) += sha256.o
-obj-$(CONFIG_SHA512_ALGO) += sha512.o
+obj-$(CONFIG_SHA512) += sha512.o
 obj-$(CONFIG_CRYPT_PW) += crypt/
 
 obj-$(CONFIG_$(SPL_)ZLIB) += zlib/
diff --git a/lib/crypt/Kconfig b/lib/crypt/Kconfig
index 5495ae8d4c..6a50029642 100644
--- a/lib/crypt/Kconfig
+++ b/lib/crypt/Kconfig
@@ -20,7 +20,7 @@ config CRYPT_PW_SHA256
 config CRYPT_PW_SHA512
bool "Provide sha512crypt"
select SHA512
-   select SHA512_ALGO
+   select SHA512
help
  Enables support for the sha512crypt password-hashing algorithm.
  The prefix is "$6$".
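Review bot: Replacing `select SHA512_ALGO` with `select SHA512` leaves CRYPT_PW_SHA512 with two identical `select SHA512` lines, because the context line directly above already selects it. The old line should be deleted rather than renamed. The EFI_TCG2_PROTOCOL hunk in lib/efi_loader/Kconfig ends up with the same duplicate.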
diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
index dacc3b5881..08463251cd 100644
--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig
@@ -323,7 +323,7 @@ config EFI_TCG2_PROTOCOL
depends on TPM_V2
select SHA1
select SHA256
-   select SHA512_ALGO
+   select SHA512
select SHA384
select SHA512
select HASH
diff --git a/lib/sha512.c b/lib/sha512.c
index 35f31e3dc5..a421f249ba 100644
--- a/lib/sha512.c
+++ b/lib/sha512.c
@@ -320,7 +320,6 @@ void sha384_csum_wd(const unsigned char *input, unsigned 
int ilen,
 
 #endif
 
-#if defined(CONFIG_SHA512)
 void sha512_starts(sha512_context * ctx)
 {
ctx->state[0] = SHA512_H0;
@@ -381,4 +380,3 @@ void sha512_csum_wd(const unsigned char *input, unsigned 
int ilen,
 
sha512_finish(, output);
 }
-#endif
-- 
2.31.1



[PATCH v2 0/6] Fix FIT hash algos in SPL (Fixes v2021.10-rc3)

2021-09-02 Thread Alexandru Gagniuc
Simon and I recently worked on killing a bunch of extra definitions. One
of the side-effects is that certain hash algorithms won't work in SPL
when used in the context of FIT verification.

For example, in FIT verification, CONFIG_IS_ENABLED(SHA256) is used
(good), but there is no corresponding CONFIG_SPL_SHA256 (bad). This
will always be false for SPL, hence certain "hash" algos are broken.

This series resolves the selection by replacing the broken selection
with hash_lookup_algo(), which does not have the aforementioned
problem. This at the very least allows 'algo = "sha256"' FIT nodes to
work in SPL.

This series does not attempt to add individual SHA/CRC/MD5 configs for
SPL. Hash algo selection for SPL has been problematic even before. This
series is meant as an emergency fix, so it does not attempt to tackle
general refactoring issues.

Changes since v1:
  - Taken in all of Tom's fixes from WIP/30Aug2021 branch
  - CMD_MVEBU_BUBT: select SHA256 if ARMADA_3700 (sha256_update() reference)
  - fsl: FSL_CAAM: imply SPL_CRYPTO (Fixes undefined reference to hw_sha1)
  - Add MD5 to hash_algos[] (Fixes "Can't add hashes to FIT: -93")


Alexandru Gagniuc (6):
  common: Remove unused CONFIG_FIT_SHAxxx selectors
  lib: Drop SHA512_ALGO in lieu of SHA512
  common/spl: Drop [ST]PL_HASH_SUPPORT in favor of [ST]PL_HASH
  common: Move MD5 hash to hash_algo[] array.
  image: Drop if/elseif hash selection in calculate_hash()
  image: Drop IMAGE_ENABLE_{MD5, CRC32} #defines

 arch/arm/mach-socfpga/Kconfig |  2 +-
 board/freescale/common/Kconfig|  1 +
 cmd/mvebu/Kconfig |  1 +
 common/Kconfig.boot   | 32 +
 common/Makefile   |  4 +-
 common/hash.c | 13 
 common/image-fit.c| 45 ++---
 common/spl/Kconfig| 65 +--
 ...s1021atwr_sdcard_ifc_SECURE_BOOT_defconfig |  1 -
 configs/ls1043ardb_nand_SECURE_BOOT_defconfig |  1 -
 .../ls1043ardb_sdcard_SECURE_BOOT_defconfig   |  1 -
 .../ls1046ardb_sdcard_SECURE_BOOT_defconfig   |  1 -
 ...1088ardb_sdcard_qspi_SECURE_BOOT_defconfig |  1 -
 configs/mt8516_pumpkin_defconfig  |  2 +-
 drivers/crypto/fsl/Kconfig|  2 +
 include/configs/xilinx_zynqmp.h   |  2 +-
 include/image.h   | 24 +--
 include/u-boot/md5.h  |  6 +-
 lib/Kconfig   | 12 ++--
 lib/Makefile  |  4 +-
 lib/crypt/Kconfig |  2 +-
 lib/efi_loader/Kconfig|  2 +-
 lib/md5.c |  4 +-
 lib/sha512.c  |  2 -
 24 files changed, 59 insertions(+), 171 deletions(-)

-- 
2.31.1



[PATCH v2 1/6] common: Remove unused CONFIG_FIT_SHAxxx selectors

2021-09-02 Thread Alexandru Gagniuc
Originally CONFIG_FIT_SHAxxx enabled specific SHA algos for and only
for has_calculate() in common/image-fit.c. However, since commit
14f061dcb1 ("image: Drop IMAGE_ENABLE_SHAxxx"),
the correct selector was changed to CONFIG_SHAxxx.

The extra "_FIT_" variants are neither used, nor needed. Remove them.
One defconfig disables FIT_SHA256, which is now changed to 'SHA256'.

CMD_MVEBU_BUBT needs to select SHA256 to avoid undefined
references to "sha256_*()". bubt.c needs sha256, so this selection is
correct. It is not clear why this problem did not manifest before.

Note that SHA selection in SPL is broken for this exact reason. There
is no corresponding SPL_SHAxxx. Fixing this is is beyond the scope of
this change.

Signed-off-by: Alexandru Gagniuc 
---
 cmd/mvebu/Kconfig|  1 +
 common/Kconfig.boot  | 28 -
 common/spl/Kconfig   | 42 
 configs/mt8516_pumpkin_defconfig |  2 +-
 include/image.h  |  3 ---
 5 files changed, 2 insertions(+), 74 deletions(-)

diff --git a/cmd/mvebu/Kconfig b/cmd/mvebu/Kconfig
index 7c42c75afb..340fb3aff6 100644
--- a/cmd/mvebu/Kconfig
+++ b/cmd/mvebu/Kconfig
@@ -4,6 +4,7 @@ depends on ARCH_MVEBU
 config CMD_MVEBU_BUBT
bool "bubt"
default n
+   select SHA256 if ARMADA_3700
help
  bubt - Burn a u-boot image to flash
  For details about bubt command please see the documentation
diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index 0d4c38402c..2399d5849e 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -35,34 +35,6 @@ config FIT_EXTERNAL_OFFSET
  could be put in the hole between data payload and fit image
  header, such as CSF data on i.MX platform.
 
-config FIT_SHA256
-   bool "Support SHA256 checksum of FIT image contents"
-   default y
-   select SHA256
-   help
- Enable this to support SHA256 checksum of FIT image contents. A
- SHA256 checksum is a 256-bit (32-byte) hash value used to check that
- the image contents have not been corrupted.
-
-config FIT_SHA384
-   bool "Support SHA384 checksum of FIT image contents"
-   default n
-   select SHA384
-   help
- Enable this to support SHA384 checksum of FIT image contents. A
- SHA384 checksum is a 384-bit (48-byte) hash value used to check that
- the image contents have not been corrupted. Use this for the highest
- security.
-
-config FIT_SHA512
-   bool "Support SHA512 checksum of FIT image contents"
-   default n
-   select SHA512
-   help
- Enable this to support SHA512 checksum of FIT image contents. A
- SHA512 checksum is a 512-bit (64-byte) hash value used to check that
- the image contents have not been corrupted.
-
 config FIT_FULL_CHECK
bool "Do a full check of the FIT before using it"
default y
diff --git a/common/spl/Kconfig b/common/spl/Kconfig
index c155a3b5fc..d69d1fa5f7 100644
--- a/common/spl/Kconfig
+++ b/common/spl/Kconfig
@@ -439,48 +439,6 @@ config SPL_MD5
  applications where images may be changed maliciously, you should
  consider SHA256 or SHA384.
 
-config SPL_FIT_SHA1
-   bool "Support SHA1"
-   depends on SPL_FIT
-   select SHA1
-   help
- Enable this to support SHA1 in FIT images within SPL. A SHA1
- checksum is a 160-bit (20-byte) hash value used to check that the
- image contents have not been corrupted or maliciously altered.
- While SHA1 is fairly secure it is coming to the end of its life
- due to the expanding computing power available to brute-force
- attacks. For more security, consider SHA256 or SHA384.
-
-config SPL_FIT_SHA256
-   bool "Support SHA256"
-   depends on SPL_FIT
-   select SHA256
-   help
- Enable this to support SHA256 in FIT images within SPL. A SHA256
- checksum is a 256-bit (32-byte) hash value used to check that the
- image contents have not been corrupted.
-
-config SPL_FIT_SHA384
-   bool "Support SHA384"
-   depends on SPL_FIT
-   select SHA384
-   select SHA512_ALGO
-   help
- Enable this to support SHA384 in FIT images within SPL. A SHA384
- checksum is a 384-bit (48-byte) hash value used to check that the
- image contents have not been corrupted. Use this for the highest
- security.
-
-config SPL_FIT_SHA512
-   bool "Support SHA512"
-   depends on SPL_FIT
-   select SHA512
-   select SHA512_ALGO
-   help
- Enable this to support SHA512 in FIT images within SPL. A SHA512
- checksum is a 512-bit (64-byte) hash value used to check that the
- image contents have not been corrupted.
-
 config SPL_FIT_IMAGE_TINY

[PATCH] mkimage: Don't disable encryption based on CONFIG_FIT_CIPHER

2021-08-26 Thread Alexandru Gagniuc
We want the u-boot tools to be target agnostic, as explained in commit
cb9faa6f98ae (" tools: Use a single target-independent config to
enable OpenSSL")

Making mkimage features depend on CONFIG_FIT_CIPHER is contrary to
that goal. Thus, always enable cipher features in mkimage, and ignore
the value of CONFIG_FIT_CIPHER for host-only code.

Signed-off-by: Alexandru Gagniuc 
---
 include/image.h| 5 -
 tools/image-host.c | 2 +-
 2 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/include/image.h b/include/image.h
index e20f0b69d5..381ee91eb5 100644
--- a/include/image.h
+++ b/include/image.h
@@ -1432,14 +1432,9 @@ static inline int fit_image_check_target_arch(const void 
*fdt, int node)
  * device
  */
 #if defined(USE_HOSTCC)
-# if defined(CONFIG_FIT_CIPHER)
 #  define IMAGE_ENABLE_ENCRYPT 1
 #  define IMAGE_ENABLE_DECRYPT 1
 #  include 
-# else
-#  define IMAGE_ENABLE_ENCRYPT 0
-#  define IMAGE_ENABLE_DECRYPT 0
-# endif
 #else
 # define IMAGE_ENABLE_ENCRYPT  0
 # define IMAGE_ENABLE_DECRYPT  CONFIG_IS_ENABLED(FIT_CIPHER)
diff --git a/tools/image-host.c b/tools/image-host.c
index d3a882ec29..82cb238f54 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -562,7 +562,7 @@ int fit_image_cipher_data(const char *keydir, void *keydest,
printf("Failure getting cipher node\n");
return -1;
}
-   if (!IMAGE_ENABLE_ENCRYPT || !keydir)
+   if (keydir)
return 0;
return fit_image_process_cipher(keydir, keydest, fit, image_name,
image_noffset, cipher_node_offset, data, size, cmdname);
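Review bot: The new condition `if (keydir)` inverts the old test, so the function now returns 0 without ciphering exactly when a key directory was supplied, and calls `fit_image_process_cipher()` with a NULL `keydir` when none was. Dropping `!IMAGE_ENABLE_ENCRYPT` should leave `if (!keydir)`. As written, an image that was meant to be encrypted would be emitted in the clear with a success return. A mkimage test that checks the payload actually changed would catch this. fit_image_cipher_data() starts outside the hunk.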
-- 
2.31.1



[RFC PATCH] stm32mp1: Replace STM32IMAGE config with TFABOOT_FIP

2021-08-26 Thread Alexandru Gagniuc
Hi Patrick,

I proposing a better fix fir the issues I outlined earlier, I made a
classification of the currently supported boot modes.

   1) BL1 -> SPL -> u-boot
   2) BL1 -> SPL -> OP-TEE
-
|  3) BL1 -> TF-A -> u-boot |
|  4) BL1 -> TF-A -> OP-TEE |
| _ |
|| 5) BL1 -> TF-A -> FIP container ||
|| CONFIG_TFABOOT_FIP  ||
||_||
|   |
| CONFIG_TFABOOT|
-

Here, I'm looking at FIP as a new boot mode. In order to avoid
breakage, any changes to support FIP it should naturally be done only
to this new path.

This proposal contains several changes, but I've squashed them into
one for ease of discussion.

This better matches the boot mode classification above.

This config mixes boot path (2) with paths (3) and (4), and thus is
contrary to our goal of making changes only to the new FIP path.
Because it mixes and matches SPL assumptions with TF-A assumptions,
I've had a hard time figuting it out. I suspect it would be just as
confusing for others in the future.

I've had issues with tee_find_device() in the past when using SPL as
the FSBL. As u-boot was running in secure mode and did not have a
handler, it would result in a CPU exception and crash.

The second argument against this is that stm32mp1 is the only platform
to call tee_find_device() with the intent of detecting the presence of
OP-TEE.

Have there been issues with not callinf this in the past, or was this
more of a "seems nice to have" ?

"stm32mp15_defconfig" implies that would be the correct configuraion
for STM32MP1. New contributor chooses this config, tries to run SPL
+ u-boot, which is what u-boot user expects is the default. Things
likely fail miserably. A lot of u-boot users don't know what FIP is.
It's an extra concept that is not strictly necessary in u-boot.

So I think this name is vague, as it doesn't really describe what is
going on. If we change it to "stm32mp15_tfaboot_fip_defconfig", then
it very accurately describes the boot scenario, and avoids the
confusion above.

We're setting CONFIG_MTDPARTS_xxx based on TFABOOT_FIP_CONTAINER now,
so I don't think we need any ifdefs here. This part needs the most
scrutiny, as I don't have a way to test if I've broken anything.
---
 arch/arm/Kconfig  | 14 +++
 arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi  |  7 ++--
 arch/arm/dts/stm32mp157c-ed1-u-boot.dtsi  |  9 ++---
 arch/arm/mach-stm32mp/Kconfig |  7 
 .../cmd_stm32prog/cmd_stm32prog.c |  2 -
 .../mach-stm32mp/cmd_stm32prog/stm32prog.c|  4 --
 .../mach-stm32mp/cmd_stm32prog/stm32prog.h|  2 -
 arch/arm/mach-stm32mp/config.mk   |  2 +-
 arch/arm/mach-stm32mp/fdt.c   | 37 ---
 .../arm/mach-stm32mp/include/mach/stm32prog.h |  2 -
 board/st/common/Kconfig   | 20 +-
 board/st/common/stm32mp_mtdparts.c| 18 -
 board/st/stm32mp1/stm32mp1.c  |  6 +--
 ...config => stm32mp15_tfaboot_fip_defconfig} |  1 +
 configs/stm32mp15_trusted_defconfig   |  1 -
 15 files changed, 35 insertions(+), 97 deletions(-)
 rename configs/{stm32mp15_defconfig => stm32mp15_tfaboot_fip_defconfig} (99%)

diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index d692139199..4c6f7ab3de 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -1905,6 +1905,20 @@ config TFABOOT
  Enabling this option will make a U-Boot binary that is relying
  on other firmware layers to provide secure functionality.
 
+config TFABOOT_FIP_CONTAINER
+   bool "Support for booting from TF-A inside a FIP container"
+   depends on TFABOOT
+   default n
+   help
+ TF-A has its own container format, named FIP (not to be confused with
+ FIT). When u-boot is started from a FIP, it sometimes needs to make
+ different assumptions than it would with a non-FIP boot. Although
+ those could be resolved with dynamic devicetree patching, TF-A is
+ either can't patch devicetrees, or is unwilling to do so.
+ Enabling this option will tell u-boot platform code that it is okay
+ to assume U-Boot will be started from a FIP container, even if such
+ assumptions would break things in a more normal setting.
+
 config TI_SECURE_DEVICE
bool "HS Device Type Support"
depends on ARCH_KEYSTONE || ARCH_OMAP2PLUS || ARCH_K3
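Review bot: The help text of TFABOOT_FIP_CONTAINER never says which assumptions change, so someone enabling it cannot tell what platform code will stop checking. It should name them (the description mentions the MTD partition layout) or point to the platform option that documents them. `default n` is redundant for a bool and can be dropped, and `TF-A is either can't patch devicetrees` should read `TF-A either can't patch devicetrees`.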
diff --git a/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi 

[PATCH 08/10] lib: Makefile: Make optee library available in SPL

2021-08-26 Thread Alexandru Gagniuc
We want the optee_copy_fdt_nodes symbols in SPL. This is for cases
when booting an OPTEE payload directly.

Signed-off-by: Alexandru Gagniuc 
---
 lib/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/Makefile b/lib/Makefile
index 8ba745faa0..73dacbb01b 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -16,7 +16,6 @@ obj-$(CONFIG_FIT) += libfdt/
 obj-$(CONFIG_OF_LIVE) += of_live.o
 obj-$(CONFIG_CMD_DHRYSTONE) += dhry/
 obj-$(CONFIG_ARCH_AT91) += at91/
-obj-$(CONFIG_OPTEE) += optee/
 obj-$(CONFIG_ASN1_DECODER) += asn1_decoder.o
 obj-y += crypto/
 
@@ -74,6 +73,7 @@ obj-$(CONFIG_$(SPL_)GZIP) += gunzip.o
 obj-$(CONFIG_$(SPL_)LZO) += lzo/
 obj-$(CONFIG_$(SPL_)LZMA) += lzma/
 obj-$(CONFIG_$(SPL_)LZ4) += lz4_wrapper.o
+obj-$(CONFIG_OPTEE) += optee/
 
 obj-$(CONFIG_$(SPL_)LIB_RATIONAL) += rational.o
 
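Review bot: The added `obj-$(CONFIG_OPTEE) += optee/` is keyed on the U-Boot-proper symbol, so every board that sets CONFIG_OPTEE would now also build lib/optee into SPL, whether or not it boots an OP-TEE payload from SPL. The conditional around the old location is outside the hunk, so this is inferred from the commit message. An SPL-aware gate in the style of the neighbouring lines, e.g. `obj-$(CONFIG_$(SPL_)OPTEE) += optee/` backed by a matching SPL Kconfig symbol, would keep the SPL size cost opt-in.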
-- 
2.31.1



[PATCH 10/10] stm32mp1: spl: Copy optee nodes to target FDT for OP-TEE payloads

2021-08-26 Thread Alexandru Gagniuc
OP-TEE does not take a devicetree for its own use. However, it does
pass the devicetree to the normal world OS. In most cases that will
be some other devicetree-bearing platform, such as linux.

As in other cases where there's an OPTEE payload (e.g. BOOTM_OPTEE),
it is required to copy the optee nodes to the target's FDT. Do this as
part of spl_board_prepare_for_optee().

Signed-off-by: Alexandru Gagniuc 
---
 arch/arm/mach-stm32mp/spl.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/arm/mach-stm32mp/spl.c b/arch/arm/mach-stm32mp/spl.c
index d9fdc5926c..94fbb45cf9 100644
--- a/arch/arm/mach-stm32mp/spl.c
+++ b/arch/arm/mach-stm32mp/spl.c
@@ -19,6 +19,7 @@
 #include 
 #include 
 #include 
+#include 
 
 u32 spl_boot_device(void)
 {
@@ -182,6 +183,7 @@ void stm32_init_tzc_for_optee(void)
 void spl_board_prepare_for_optee(void *fdt)
 {
stm32_fdt_setup_mac_addr(fdt);
+   optee_copy_fdt_nodes(fdt);
stm32_init_tzc_for_optee();
 }
 
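Review bot: The return value of `optee_copy_fdt_nodes(fdt)` is dropped in spl_board_prepare_for_optee(), so a failed copy goes unnoticed and the next stage receives a devicetree without the OP-TEE nodes. Those nodes are how the normal-world OS learns that OP-TEE is present, so the failure should at least be reported: `if (optee_copy_fdt_nodes(fdt)) log_err("failed to copy optee nodes to FDT\n");`. The prototype is not visible on this page; this assumes it returns an int error code.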
-- 
2.31.1



[PATCH 07/10] stm32mp1: spl: Configure MAC address when booting OP-TEE

2021-08-26 Thread Alexandru Gagniuc
When OP-TEE is booted as the SPL payload, the stage after OP-TEE is
not guaranteed to be u-boot. Thus the FDT patching in u-boot is not
guaranteed to occur. Add this step to SPL.

The patching by stm32_fdt_setup_mac_addr() is done in SPL, and patches
the target FDT directly. This is different from
setup_mac_address(), which sets the "ethaddr" env variable, and does
not work in SPL.

Signed-off-by: Alexandru Gagniuc 
---
 arch/arm/mach-stm32mp/cpu.c   | 22 +++
 .../arm/mach-stm32mp/include/mach/sys_proto.h |  3 +++
 arch/arm/mach-stm32mp/spl.c   |  1 +
 3 files changed, 26 insertions(+)

diff --git a/arch/arm/mach-stm32mp/cpu.c b/arch/arm/mach-stm32mp/cpu.c
index 8727de513c..2b8b67bb40 100644
--- a/arch/arm/mach-stm32mp/cpu.c
+++ b/arch/arm/mach-stm32mp/cpu.c
@@ -10,6 +10,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -646,6 +647,27 @@ __weak int setup_mac_address(void)
return 0;
 }
 
+int stm32_fdt_setup_mac_addr(void *fdt)
+{
+   int ret;
+   uchar enetaddr[ARP_HLEN];
+
+   ret = stm32_read_otp_mac(enetaddr);
+   if (ret < 0)
+   return ret;
+
+   if (!is_valid_ethaddr(enetaddr)) {
+   printf("invalid MAC address in OTP\n");
+   return -EINVAL;
+   }
+
+   ret = fdt_ethernet_set_macaddr(fdt, 0, enetaddr);
+   if (ret)
+   debug("Failed to set mac address from OTP: %d\n", ret);
+
+   return ret;
+}
+
 static int setup_serial_number(void)
 {
char serial_string[25];
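Review bot: The two failure paths of stm32_fdt_setup_mac_addr() report at different levels: an invalid OTP value uses printf(), while a failed FDT write uses debug(), which is normally compiled out. Because the caller added in arch/arm/mach-stm32mp/spl.c also ignores the return value, a payload can boot with no MAC patched and nothing on the console. Using the same call on both paths, as setup_mac_address() does with log_err(), would fix that: `log_err("Failed to set mac address from OTP: %d\n", ret);`.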
diff --git a/arch/arm/mach-stm32mp/include/mach/sys_proto.h 
b/arch/arm/mach-stm32mp/include/mach/sys_proto.h
index 4149d3a133..2d24cfee3f 100644
--- a/arch/arm/mach-stm32mp/include/mach/sys_proto.h
+++ b/arch/arm/mach-stm32mp/include/mach/sys_proto.h
@@ -47,7 +47,10 @@ void get_soc_name(char name[SOC_NAME_SIZE]);
 /* return boot mode */
 u32 get_bootmode(void);
 
+/* Set 'ethaddr' env variable with MAC from OTP (useful for u-boot proper) */
 int setup_mac_address(void);
+/* Patch the first 'ethernet' node of FDT with MAC from OTP (useful for SPL) */
+int stm32_fdt_setup_mac_addr(void *fdt);
 
 /* board power management : configure vddcore according OPP */
 void board_vddcore_init(u32 voltage_mv);
diff --git a/arch/arm/mach-stm32mp/spl.c b/arch/arm/mach-stm32mp/spl.c
index 405eff68a3..d9fdc5926c 100644
--- a/arch/arm/mach-stm32mp/spl.c
+++ b/arch/arm/mach-stm32mp/spl.c
@@ -181,6 +181,7 @@ void stm32_init_tzc_for_optee(void)
 
 void spl_board_prepare_for_optee(void *fdt)
 {
+   stm32_fdt_setup_mac_addr(fdt);
stm32_init_tzc_for_optee();
 }
 
-- 
2.31.1



[PATCH 06/10] arm: stm32mp: Factor out reading MAC address from OTP

2021-08-26 Thread Alexandru Gagniuc
Move the reading of the OTP into a separate function. This is
required for a subsequent change which sets the MAC in SPL.

Signed-off-by: Alexandru Gagniuc 
---
 arch/arm/mach-stm32mp/cpu.c | 37 +++--
 1 file changed, 23 insertions(+), 14 deletions(-)

diff --git a/arch/arm/mach-stm32mp/cpu.c b/arch/arm/mach-stm32mp/cpu.c
index eb79f3ffd2..8727de513c 100644
--- a/arch/arm/mach-stm32mp/cpu.c
+++ b/arch/arm/mach-stm32mp/cpu.c
@@ -593,6 +593,28 @@ static void setup_boot_mode(void)
clrsetbits_le32(TAMP_BOOT_CONTEXT, TAMP_BOOT_FORCED_MASK, BOOT_NORMAL);
 }
 
+static int stm32_read_otp_mac(uint8_t enetaddr[ARP_HLEN])
+{
+   struct udevice *dev;
+   int ret, i;
+   u32 otp[2];
+
+   ret = uclass_get_device_by_driver(UCLASS_MISC,
+ DM_DRIVER_GET(stm32mp_bsec),
+ );
+   if (ret)
+   return ret;
+
+   ret = misc_read(dev, STM32_BSEC_SHADOW(BSEC_OTP_MAC), otp, sizeof(otp));
+   if (ret < 0)
+   return ret;
+
+   for (i = 0; i < ARP_HLEN; i++)
+   enetaddr[i] = ((uint8_t *))[i];
+
+   return 0;
+}
+
 /*
  * If there is no MAC address in the environment, then it will be initialized
  * (silently) from the value in the OTP.
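Review bot: stm32_read_otp_mac() treats any non-negative return from misc_read() as success, but `otp` is uninitialized, so a short read would copy stack contents into `enetaddr`. Assuming misc_read() returns the number of bytes read, comparing against the requested length closes that: `if (ret != (int)sizeof(otp)) return ret < 0 ? ret : -EIO;`. The parameter is declared with ARP_HLEN while setup_mac_address() in the next hunk still passes `uchar enetaddr[6]`; using ARP_HLEN there too would keep the two sizes tied together.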
@@ -601,29 +623,16 @@ __weak int setup_mac_address(void)
 {
 #if defined(CONFIG_NET)
int ret;
-   int i;
-   u32 otp[2];
uchar enetaddr[6];
-   struct udevice *dev;
 
/* MAC already in environment */
if (eth_env_get_enetaddr("ethaddr", enetaddr))
return 0;
 
-   ret = uclass_get_device_by_driver(UCLASS_MISC,
- DM_DRIVER_GET(stm32mp_bsec),
- );
-   if (ret)
-   return ret;
-
-   ret = misc_read(dev, STM32_BSEC_SHADOW(BSEC_OTP_MAC),
-   otp, sizeof(otp));
+   ret = stm32_read_otp_mac(enetaddr);
if (ret < 0)
return ret;
 
-   for (i = 0; i < 6; i++)
-   enetaddr[i] = ((uint8_t *))[i];
-
if (!is_valid_ethaddr(enetaddr)) {
log_err("invalid MAC address in OTP %pM\n", enetaddr);
return -EINVAL;
-- 
2.31.1



[PATCH 09/10] ARM: dts: stm32mp: Add OP-TEE "/firmware" node to SPL dtb

2021-08-26 Thread Alexandru Gagniuc
This node is required in SPL when booting an OP-TEE payload. Add it to
the SPL devicetree.

Signed-off-by: Alexandru Gagniuc 
---
 arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi 
b/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
index 0101962ea5..2e65b9b4d5 100644
--- a/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
+++ b/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
@@ -31,6 +31,7 @@
optee {
compatible = "linaro,optee-tz";
method = "smc";
+   u-boot,dm-spl;
};
};
 
-- 
2.31.1



[PATCH 04/10] fdt_support: Implement fdt_ethernet_set_macaddr()

2021-08-26 Thread Alexandru Gagniuc
Oftentimes we have MAC address information stored in a ROM or OTP. The
way to add that to the FDT would be through the u-boot environment,
and then fdt_fixup_ethernet(). This is not very useful in SPL.

It would be more helpful to be able to "set interface x to MAC y".
This is where fdt_ethernet_set_macaddr() comes in. It is similar in
function to fdt_fixup_ethernet(), but only updates one interface,
without using the u-boot env, and without string processing.

Signed-off-by: Alexandru Gagniuc 
---
 common/fdt_support.c  | 30 ++
 include/fdt_support.h | 17 +
 2 files changed, 47 insertions(+)

diff --git a/common/fdt_support.c b/common/fdt_support.c
index 4341d84bd5..c4cbd4060e 100644
--- a/common/fdt_support.c
+++ b/common/fdt_support.c
@@ -592,6 +592,36 @@ void fdt_fixup_ethernet(void *fdt)
}
 }
 
+int fdt_ethernet_set_macaddr(void *fdt, int ethnum, const uint8_t *mac_addr)
+{
+   const char *path, *name;
+   int prop, aliases_node;
+   char eth_name[16] = "ethernet";
+
+   aliases_node = fdt_path_offset(fdt, "/aliases");
+   if (aliases_node < 0)
+   return aliases_node;
+
+   if (ethnum >= 0)
+   sprintf(eth_name, "ethernet%d", ethnum);
+
+   fdt_for_each_property_offset(prop, fdt, aliases_node) {
+   path = fdt_getprop_by_offset(fdt, prop, , NULL);
+   if (!strcmp(name, eth_name))
+   break;
+
+   path = NULL;
+   }
+
+   if (!path)
+   return -FDT_ERR_NOTFOUND;
+
+   do_fixup_by_path(fdt, path, "mac-address", mac_addr, 6, 0);
+   do_fixup_by_path(fdt, path, "local-mac-address", mac_addr, 6, 1);
+
+   return 0;
+}
+
 int fdt_record_loadable(void *blob, u32 index, const char *name,
uintptr_t load_addr, u32 size, uintptr_t entry_point,
const char *type, const char *os, const char *arch)
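Review bot: In fdt_ethernet_set_macaddr() `path` is read uninitialized when `/aliases` has no properties, and `sprintf()` into `eth_name[16]` overflows once `ethnum` has eight or more digits. The loop also calls strcmp() on `name` without checking that fdt_getprop_by_offset() succeeded. The fence below initializes `path`, bounds the format with snprintf(), and guards the comparison. The `&name` argument is written out on the assumption that the archive dropped it from the line shown.

```c
int fdt_ethernet_set_macaddr(void *fdt, int ethnum, const uint8_t *mac_addr)
{
	const char *path = NULL, *name;
	int prop, aliases_node;
	/* "ethernet" plus up to ten decimal digits plus the terminator */
	char eth_name[sizeof("ethernet") + 10] = "ethernet";

	/* … unchanged: "/aliases" lookup … */

	if (ethnum >= 0)
		snprintf(eth_name, sizeof(eth_name), "ethernet%d", ethnum);

	fdt_for_each_property_offset(prop, fdt, aliases_node) {
		name = NULL;
		path = fdt_getprop_by_offset(fdt, prop, &name, NULL);
		if (path && name && !strcmp(name, eth_name))
			break;

		path = NULL;
	}

	/* … unchanged: NOTFOUND check and the two do_fixup_by_path() calls … */
```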
diff --git a/include/fdt_support.h b/include/fdt_support.h
index f6f46bb8e9..3f0bcb5a00 100644
--- a/include/fdt_support.h
+++ b/include/fdt_support.h
@@ -119,6 +119,23 @@ static inline int fdt_fixup_memory_banks(void *blob, u64 
start[], u64 size[],
 #endif
 
 void fdt_fixup_ethernet(void *fdt);
+
+/**
+ * Set the "mac-address" and "local-mac-address" of ethernet node
+ * The ethernet node is located from the "/aliases" section of the fdt. When
+ * 'ethnum' is positive, then the name is matched exactly, e.g "ethernet0".
+ * When ethnum is negative, the first ethernet alias is updated.
+ * Unlike fdt_fixup_ethernet(), this function only updates one ethernet node,
+ * and soes not use the "ethaddr" from the u-boot environment. This is useful,
+ * for example, in SPL, when the environment is not initialized or available.
+ *
+ * @param fdt  FDT blob to update
+ * @param ethnum   Ethernet device index, or negative for any ethernet
+ * @param mac_addr Pointer to 6-byte array containing the MAC address
+ *
+ * @return 0 if ok, or -FDT_ERR_... on error
+ */
+int fdt_ethernet_set_macaddr(void *fdt, int ethnum, const uint8_t *mac_addr);
 int fdt_find_and_setprop(void *fdt, const char *node, const char *prop,
 const void *val, int len, int create);
 void fdt_fixup_qe_firmware(void *fdt);
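Review bot: The comment on fdt_ethernet_set_macaddr() promises more than the code in common/fdt_support.c does. With a negative `ethnum` the implementation matches only an alias named exactly `ethernet`, not "the first ethernet alias", and index 0 is matched too, so "positive" should read "non-negative". Suggested wording: `When 'ethnum' is non-negative the alias "ethernet<ethnum>" is matched exactly; when negative, only the alias "ethernet" is matched.` The comment should also say that failures of the two property writes are not reported (the function returns 0 after them), and `soes` is a typo for `does`.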
-- 
2.31.1



[PATCH 05/10] arm: stm32mp: bsec: Do not skip .probe() for SPL

2021-08-26 Thread Alexandru Gagniuc
stm32mp_bsec_probe() was skipped for TFABOOT and SPL_BUILD. The idea
of skipping probe() is that we can't access BSEC from the normal
world. This is true with TFABOOT. However, in SPL, we are in the
secure world, so skipping probe is incorrect. In fact, SPL is not
even built when TFABOOT is selected.

Thus, only skip probe with TFABOOT, but not SPL_BUILD.

Signed-off-by: Alexandru Gagniuc 
---
 arch/arm/mach-stm32mp/bsec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm/mach-stm32mp/bsec.c b/arch/arm/mach-stm32mp/bsec.c
index fe39bd80cf..a02d19c1b9 100644
--- a/arch/arm/mach-stm32mp/bsec.c
+++ b/arch/arm/mach-stm32mp/bsec.c
@@ -506,7 +506,7 @@ static int stm32mp_bsec_probe(struct udevice *dev)
 * only executed in U-Boot proper when TF-A is not used
 */
 
-   if (!IS_ENABLED(CONFIG_TFABOOT) && !IS_ENABLED(CONFIG_SPL_BUILD)) {
+   if (!IS_ENABLED(CONFIG_TFABOOT)) {
plat = dev_get_plat(dev);
 
for (otp = 57; otp <= BSEC_OTP_MAX_VALUE; otp++)
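Review bot: The comment directly above the changed condition still says the block is `only executed in U-Boot proper when TF-A is not used`, which is no longer true once the SPL_BUILD test is removed. It should be updated, e.g. `* executed in SPL and in U-Boot proper when TF-A is not used`, and ideally say why the OTP loop starting at 57 is appropriate to run from SPL. stm32mp_bsec_probe() starts and ends outside this hunk, so what the loop body does is not visible here.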
-- 
2.31.1



[PATCH 03/10] board: stm32mp1: Implement board_fit_config_name_match() for SPL

2021-08-26 Thread Alexandru Gagniuc
This function is needed when loading a FIT image from SPL. It selects
the correct configuration node for the current board. Implement it.

Signed-off-by: Alexandru Gagniuc 
---
 board/st/stm32mp1/spl.c | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/board/st/stm32mp1/spl.c b/board/st/stm32mp1/spl.c
index bb210d7727..543c037ad8 100644
--- a/board/st/stm32mp1/spl.c
+++ b/board/st/stm32mp1/spl.c
@@ -5,6 +5,7 @@
 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -92,3 +93,12 @@ void board_debug_uart_init(void)
 #endif
 }
 #endif
+
+int board_fit_config_name_match(const char *name)
+{
+   if (of_machine_is_compatible("st,stm32mp157c-dk2"))
+   return !strstr(name, "stm32mp157c-dk2");
+
+   /* Okay, it's most likely an EV board */
+   return !strstr(name, "stm32mp157") + !strstr(name, "-ev");
+}
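Review bot: Every board that is not a stm32mp157c-dk2 falls through to the `-ev` match in board_fit_config_name_match(), so a DK1 (whose dtsi this series also touches) would match no FIT configuration, or an EV configuration if the image carries one. An explicit compatible check per supported board, with a non-zero return for unknown boards, avoids selecting a configuration by guesswork. The sum of two negations is also hard to read; `return !(strstr(name, "stm32mp157") && strstr(name, "-ev"));` expresses the same result.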
-- 
2.31.1



[PATCH 02/10] stm32mp1: Add support for falcon mode boot from SD card

2021-08-26 Thread Alexandru Gagniuc
Falcon mode requires a board-specific mechanism to select between
fast and normal boot. This is done via spl_start_uboot()

Use the B2 button as the selection mechanism. This is connected to
GPIO PA13. Incidentally, this GPIO is already accessible via the
"st,fastboot-gpios" devicetree node.

Offsets for raw MMC loading are defined. These point to the partition
after "ssbl".

Signed-off-by: Alexandru Gagniuc 
---
 board/st/stm32mp1/spl.c| 39 ++
 include/configs/stm32mp1.h | 13 +
 2 files changed, 52 insertions(+)

diff --git a/board/st/stm32mp1/spl.c b/board/st/stm32mp1/spl.c
index 8e4549a1b3..bb210d7727 100644
--- a/board/st/stm32mp1/spl.c
+++ b/board/st/stm32mp1/spl.c
@@ -8,6 +8,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include "../common/stpmic1.h"
@@ -29,6 +30,44 @@ int board_early_init_f(void)
return 0;
 }
 
+#if IS_ENABLED(CONFIG_SPL_OS_BOOT)
+int spl_start_uboot(void)
+{
+   ofnode node;
+   struct gpio_desc gpio;
+   int boot_uboot = 1;
+
+   node = ofnode_path("/config");
+   if (!ofnode_valid(node)) {
+   pr_warn("%s: no /config node?\n", __func__);
+   return 0;
+   }
+
+   if (gpio_request_by_name_nodev(node, "st,fastboot-gpios", 0, ,
+  GPIOD_IS_IN)) {
+   pr_warn("%s: could not find a /config/st,fastboot-gpios\n",
+   __func__);
+   return 1;
+   }
+
+   boot_uboot = dm_gpio_get_value();
+   dm_gpio_free(NULL, );
+
+   return boot_uboot;
+}
+
+#if IS_ENABLED(CONFIG_ARMV7_NONSEC)
+/*
+ * A bit of a hack, but armv7_boot_nonsec() is provided by bootm.c. This is not
+ * available in SPL, so we have to provide an implementation.
+ */
+bool armv7_boot_nonsec(void)
+{
+   return 0;
+}
+#endif /* CONFIG_ARMV7_NONSEC */
+#endif /* CONFIG_SPL_OS_BOOT */
+
 #ifdef CONFIG_DEBUG_UART_BOARD_INIT
 void board_debug_uart_init(void)
 {
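Review bot: spl_start_uboot() fails in opposite directions: a missing `/config` node returns 0 and goes straight to the OS payload, while a missing `st,fastboot-gpios` returns 1 and loads U-Boot. With an incomplete devicetree the button then cannot be used to reach U-Boot, so the first path should probably `return 1;` as well, or the difference deserves a comment. armv7_boot_nonsec() is declared bool and would read better with `return false;`.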
diff --git a/include/configs/stm32mp1.h b/include/configs/stm32mp1.h
index 9fcd60285a..0849a1bddb 100644
--- a/include/configs/stm32mp1.h
+++ b/include/configs/stm32mp1.h
@@ -10,6 +10,19 @@
 #include 
 #include 
 
+/*
+ * Arguments if falcon mode is used
+ * CONFIG_SYS_MMCSD_RAW_MODE_KERNEL_SECTOR is the partition after "ssbl"
+ * CONFIG_SYS_SPL_ARGS_ADDR is not used, but needs to point to valid RAM.
+ */
+#define CONFIG_SYS_MMCSD_RAW_MODE_KERNEL_SECTOR 5154
+#define CONFIG_SYS_SPL_ARGS_ADDR 0xc400
+
+/* Falcon mode from SPI is not supported, but the defines are needed */
+#define CONFIG_SYS_SPI_KERNEL_OFFS (~0)
+#define CONFIG_SYS_SPI_ARGS_OFFS   (~0)
+#define CONFIG_SYS_SPI_ARGS_SIZE   0
+
 #ifndef CONFIG_TFABOOT
 /* PSCI support */
 #define CONFIG_ARMV7_SECURE_BASE   STM32_SYSRAM_BASE
-- 
2.31.1



[PATCH 01/10] stm32mp1: Add support for baudrates higher than 115200

2021-08-26 Thread Alexandru Gagniuc
The UART can reliably go up to 200 baud when connected to the
on-board st-link. Unfortunately u-boot will fall back to 115200 unless
higher rates are declared via CONFIG_SYS_BAUDRATE_TABLE.

Signed-off-by: Alexandru Gagniuc 
---
 include/configs/stm32mp1.h | 4 
 1 file changed, 4 insertions(+)

diff --git a/include/configs/stm32mp1.h b/include/configs/stm32mp1.h
index b372838be8..9fcd60285a 100644
--- a/include/configs/stm32mp1.h
+++ b/include/configs/stm32mp1.h
@@ -16,6 +16,10 @@
 #define CONFIG_ARMV7_SECURE_MAX_SIZE   STM32_SYSRAM_SIZE
 #endif
 
+#define CONFIG_SYS_BAUDRATE_TABLE  { 9600, 19200, 38400, 57600, 115200, \
+230400, 460800, 921600, \
+100, 200 }
+
 /*
  * Configuration of the external SRAM memory used by U-Boot
  */
-- 
2.31.1



[PATCH 00/10] stm32mp1: Support falcon mode with OP-TEE payloads

2021-08-26 Thread Alexandru Gagniuc
My goal when I started on this project a year ago was to get to linux
userspace within a second from power on. Oh, and it had to be secure!
Contrast that to the two minutes it took the STLinux demo to come up.

It was obvious that the accepted way of running an FSBL, then SSBL was
going to blow the time budget. There really wasn't a good solution,
and traditional falcon mode with "spl export" command was not secure.

I chose to use SPL with a FIT payload. We have to add certain logic to
SPL, as well as some FDT modifications that would be normally done in
u-boot. The boot flow is

SPL -> OP-TEE -> Linux

Incidentally, these patches are some of the earlier ones I wrote for
this project. It didn't make sense to publish them at the time, as the
supporting infrastructure was not in place then

I decided not to separate these patches into mini-series.

Alexandru Gagniuc (10):
  stm32mp1: Add support for baudrates higher than 115200
  stm32mp1: Add support for falcon mode boot from SD card
  board: stm32mp1:  Implement board_fit_config_name_match() for SPL
  fdt_support: Implement fdt_ethernet_set_macaddr()
  arm: stm32mp: bsec: Do not skip .probe() for SPL
  arm: stm32mp: Factor out reading MAC address from OTP
  stm32mp1: spl: Configure MAC address when booting OP-TEE
  lib: Makefile: Make optee library available in SPL
  ARM: dts: stm32mp: Add OP-TEE "/firmware" node to SPL dtb
  stm32mp1: spl: Copy optee nodes to target FDT for OP-TEE payloads

 arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi  |  1 +
 arch/arm/mach-stm32mp/bsec.c  |  2 +-
 arch/arm/mach-stm32mp/cpu.c   | 59 ++-
 .../arm/mach-stm32mp/include/mach/sys_proto.h |  3 +
 arch/arm/mach-stm32mp/spl.c   |  3 +
 board/st/stm32mp1/spl.c   | 49 +++
 common/fdt_support.c  | 30 ++
 include/configs/stm32mp1.h| 17 ++
 include/fdt_support.h | 17 ++
 lib/Makefile  |  2 +-
 10 files changed, 167 insertions(+), 16 deletions(-)

-- 
2.31.1



[PATCH 4/5] image: Drop if/elseif hash selection in calculate_hash()

2021-08-23 Thread Alexandru Gagniuc
calculate_hash() would try to select the appropriate hashing function
by an if/elseif construct. But that is exactly why hash_lookup_algo()
exists, so use it instead.

This does mean that we now have to 'select HASH' to make sure we get
the hash_lookup_algo() symbol. However, the change makes sense because
even basic FITs will have to deal with "hash" nodes.

My only concern is that the 'select SPL_HASH' might cause some
platform to grow above its SPL size allowance

Signed-off-by: Alexandru Gagniuc 
---
 common/Kconfig.boot |  2 ++
 common/image-fit.c  | 45 +++--
 2 files changed, 21 insertions(+), 26 deletions(-)

diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index 314f1e50a0..c2d6c89372 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -13,6 +13,7 @@ config FIT
bool "Support Flattened Image Tree"
select MD5
select SHA1
+   select HASH
help
  This option allows you to boot the new uImage structure,
  Flattened Image Tree.  FIT is formally a FDT, which can include
@@ -133,6 +134,7 @@ if SPL
 config SPL_FIT
bool "Support Flattened Image Tree within SPL"
depends on SPL
+   select SPL_HASH
select SPL_OF_LIBFDT
 
 config SPL_FIT_PRINT
diff --git a/common/image-fit.c b/common/image-fit.c
index aff4670be3..92d9141bcd 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -1193,6 +1193,12 @@ int fit_set_timestamp(void *fit, int noffset, time_t 
timestamp)
return 0;
 }
 
+static void crc32_uimage_fixup(void *value)
+{
+   /* TODO: In C, this type punning is undefined behavior: */
+   *((uint32_t *)value) = cpu_to_uimage(*((uint32_t *)value));
+}
+
 /**
  * calculate_hash - calculate and return hash for provided input data
  * @data: pointer to the input data
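Review bot: crc32_uimage_fixup() keeps the cast that its own TODO calls undefined: `value` arrives as a `uint8_t *` digest buffer, so accessing it through `uint32_t *` assumes both suitable alignment and compatible aliasing. Going through a local with memcpy() removes the assumption and the TODO, as in the fence below.

```c
static void crc32_uimage_fixup(void *value)
{
	uint32_t crc;

	/* memcpy avoids the alignment and aliasing assumptions of a cast */
	memcpy(&crc, value, sizeof(crc));
	crc = cpu_to_uimage(crc);
	memcpy(value, &crc, sizeof(crc));
}
```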
@@ -1211,37 +1217,24 @@ int fit_set_timestamp(void *fit, int noffset, time_t 
timestamp)
  * 0, on success
  *-1, when algo is unsupported
  */
-int calculate_hash(const void *data, int data_len, const char *algo,
+int calculate_hash(const void *data, int data_len, const char *name,
uint8_t *value, int *value_len)
 {
-   if (IMAGE_ENABLE_CRC32 && strcmp(algo, "crc32") == 0) {
-   *((uint32_t *)value) = crc32_wd(0, data, data_len,
-   CHUNKSZ_CRC32);
-   *((uint32_t *)value) = cpu_to_uimage(*((uint32_t *)value));
-   *value_len = 4;
-   } else if (CONFIG_IS_ENABLED(SHA1) && strcmp(algo, "sha1") == 0) {
-   sha1_csum_wd((unsigned char *)data, data_len,
-(unsigned char *)value, CHUNKSZ_SHA1);
-   *value_len = 20;
-   } else if (CONFIG_IS_ENABLED(SHA256) && strcmp(algo, "sha256") == 0) {
-   sha256_csum_wd((unsigned char *)data, data_len,
-  (unsigned char *)value, CHUNKSZ_SHA256);
-   *value_len = SHA256_SUM_LEN;
-   } else if (CONFIG_IS_ENABLED(SHA384) && strcmp(algo, "sha384") == 0) {
-   sha384_csum_wd((unsigned char *)data, data_len,
-  (unsigned char *)value, CHUNKSZ_SHA384);
-   *value_len = SHA384_SUM_LEN;
-   } else if (CONFIG_IS_ENABLED(SHA512) && strcmp(algo, "sha512") == 0) {
-   sha512_csum_wd((unsigned char *)data, data_len,
-  (unsigned char *)value, CHUNKSZ_SHA512);
-   *value_len = SHA512_SUM_LEN;
-   } else if (IMAGE_ENABLE_MD5 && strcmp(algo, "md5") == 0) {
-   md5_wd((unsigned char *)data, data_len, value, CHUNKSZ_MD5);
-   *value_len = 16;
-   } else {
+   struct hash_algo *algo;
+   int ret;
+
+   ret = hash_lookup_algo(name, );
+   if (ret < 0) {
debug("Unsupported hash alogrithm\n");
return -1;
}
+
+   algo->hash_func_ws(data, data_len, value, algo->chunk_size);
+   *value_len = algo->digest_size;
+
+   if (!strcmp(name, "crc32"))
+   crc32_uimage_fixup(value);
+
return 0;
 }
 
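Review bot: calculate_hash() now writes `algo->digest_size` bytes into `value` for any algorithm hash_lookup_algo() knows, where the removed chain limited it to six fixed sizes, and nothing in the signature lets the function check the caller's buffer. The kernel-doc (partly outside this hunk) should state that `value` must be able to hold the largest digest the hash table can produce. Its `@algo` entry presumably also needs renaming to `@name` to follow the parameter.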
-- 
2.31.1



[PATCH 5/5] image: Drop IMAGE_ENABLE_{MD5, CRC32} #defines

2021-08-23 Thread Alexandru Gagniuc
These are no longer used, so drop them.

Signed-off-by: Alexandru Gagniuc 
---
 include/image.h | 20 
 1 file changed, 20 deletions(-)

diff --git a/include/image.h b/include/image.h
index 489b220eba..2d057d445c 100644
--- a/include/image.h
+++ b/include/image.h
@@ -59,26 +59,6 @@ struct fdt_region;
 #include 
 #include 
 #include 
-# ifdef CONFIG_SPL_BUILD
-#  ifdef CONFIG_SPL_CRC32
-#   define IMAGE_ENABLE_CRC32  1
-#  endif
-#  ifdef CONFIG_SPL_MD5
-#   define IMAGE_ENABLE_MD51
-#  endif
-# else
-#  define IMAGE_ENABLE_CRC32   1
-#  define IMAGE_ENABLE_MD5 1
-# endif
-
-#ifndef IMAGE_ENABLE_CRC32
-#define IMAGE_ENABLE_CRC32 0
-#endif
-
-#ifndef IMAGE_ENABLE_MD5
-#define IMAGE_ENABLE_MD5   0
-#endif
-
 #endif /* IMAGE_ENABLE_FIT */
 
 #ifdef CONFIG_SYS_BOOT_GET_CMDLINE
-- 
2.31.1



[PATCH 3/5] common/spl: Drop SPL_HASH_SUPPORT in favor of SPL_HASH

2021-08-23 Thread Alexandru Gagniuc
Both these configs exist. Stick to using CONFIG_SPL_HASH, and drop all
references to CONFIG_SPL_HASH_SUPPORT.

Signed-off-by: Alexandru Gagniuc 
---
 common/Kconfig.boot  |  2 +-
 common/Makefile  |  3 +--
 common/spl/Kconfig   | 12 +---
 configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig  |  2 +-
 configs/ls1043ardb_nand_SECURE_BOOT_defconfig|  2 +-
 configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig  |  2 +-
 configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig  |  2 +-
 configs/ls1088ardb_sdcard_qspi_SECURE_BOOT_defconfig |  2 +-
 include/configs/xilinx_zynqmp.h  |  2 +-
 9 files changed, 9 insertions(+), 20 deletions(-)

diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index 2399d5849e..314f1e50a0 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -157,7 +157,7 @@ config SPL_FIT_SIGNATURE
select FIT_SIGNATURE
select SPL_FIT
select SPL_CRYPTO
-   select SPL_HASH_SUPPORT
+   select SPL_HASH
imply SPL_RSA
imply SPL_RSA_VERIFY
select SPL_IMAGE_SIGN_INFO
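Review bot: SPL_FIT_SIGNATURE now selects SPL_HASH in place of SPL_HASH_SUPPORT, but the removed symbol (see the common/spl/Kconfig hunk) also selected SHA1 and SHA256, and the definition of SPL_HASH is not shown. If SPL_HASH does not carry the same selects, a board that relied on the implicit selection could end up with SPL signature verification built without the digest its FIT uses. Either confirm that SPL_HASH selects them or add `select SHA256` here explicitly.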
diff --git a/common/Makefile b/common/Makefile
index 9063ed9391..592f340f1b 100644
--- a/common/Makefile
+++ b/common/Makefile
@@ -8,7 +8,7 @@ ifndef CONFIG_SPL_BUILD
 obj-y += init/
 obj-y += main.o
 obj-y += exports.o
-obj-$(CONFIG_HASH) += hash.o
+obj-$(CONFIG_$(SPL_)HASH) += hash.o
 obj-$(CONFIG_HUSH_PARSER) += cli_hush.o
 obj-$(CONFIG_AUTOBOOT) += autoboot.o
 
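Review bot: The new `obj-$(CONFIG_$(SPL_)HASH) += hash.o` line sits in the section the hunk header labels `ifndef CONFIG_SPL_BUILD`, where `$(SPL_)` never expands to `SPL_`, while the next hunk deletes the only SPL rule for hash.o. Unless an `endif` precedes this line outside the hunk, SPL builds with CONFIG_SPL_HASH=y would no longer compile hash.o. Moving the line out of the conditional, next to other `$(SPL_)`-style rules, keeps both builds covered.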
@@ -66,7 +66,6 @@ ifdef CONFIG_SPL_BUILD
 ifdef CONFIG_SPL_DFU
 obj-$(CONFIG_DFU_OVER_USB) += dfu.o
 endif
-obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o
 obj-$(CONFIG_TPL_HASH_SUPPORT) += hash.o
 obj-$(CONFIG_SPL_LOAD_FIT) += common_fit.o
 obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o
diff --git a/common/spl/Kconfig b/common/spl/Kconfig
index d69d1fa5f7..c75c8aaf08 100644
--- a/common/spl/Kconfig
+++ b/common/spl/Kconfig
@@ -477,16 +477,6 @@ config SPL_CRYPTO
  this option to build the drivers in drivers/crypto as part of an
  SPL build.
 
-config SPL_HASH_SUPPORT
-   bool "Support hashing drivers"
-   select SHA1
-   select SHA256
-   help
- Enable hashing drivers in SPL. These drivers can be used to
- accelerate secure boot processing in secure applications. Enable
- this option to build system-specific drivers for hash acceleration
- as part of an SPL build.
-
 config TPL_HASH_SUPPORT
bool "Support hashing drivers in TPL"
depends on TPL
@@ -1193,7 +1183,7 @@ config SPL_USB_ETHER
 
 config SPL_DFU
bool "Support DFU (Device Firmware Upgrade)"
-   select SPL_HASH_SUPPORT
+   select SPL_HASH
select SPL_DFU_NO_RESET
depends on SPL_RAM_SUPPORT
help
diff --git a/configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig 
b/configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig
index 78196e6485..c5a6819a38 100644
--- a/configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig
+++ b/configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig
@@ -31,7 +31,7 @@ CONFIG_SPL_FSL_PBL=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0xe8
 CONFIG_SPL_CRYPTO=y
-CONFIG_SPL_HASH_SUPPORT=y
+CONFIG_SPL_HASH=y
 CONFIG_SPL_ENV_SUPPORT=y
 CONFIG_SPL_I2C=y
 CONFIG_SPL_MPC8XXX_INIT_DDR_SUPPORT=y
diff --git a/configs/ls1043ardb_nand_SECURE_BOOT_defconfig 
b/configs/ls1043ardb_nand_SECURE_BOOT_defconfig
index 3736445d47..93f6b2a668 100644
--- a/configs/ls1043ardb_nand_SECURE_BOOT_defconfig
+++ b/configs/ls1043ardb_nand_SECURE_BOOT_defconfig
@@ -27,7 +27,7 @@ CONFIG_SPL_FSL_PBL=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0xf0
 CONFIG_SPL_CRYPTO=y
-CONFIG_SPL_HASH_SUPPORT=y
+CONFIG_SPL_HASH=y
 CONFIG_SPL_ENV_SUPPORT=y
 CONFIG_SPL_MPC8XXX_INIT_DDR_SUPPORT=y
 CONFIG_SPL_NAND_SUPPORT=y
diff --git a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig 
b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
index b879a0c361..71c33ca463 100644
--- a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
+++ b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
@@ -27,7 +27,7 @@ CONFIG_SPL_FSL_PBL=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x110
 CONFIG_SPL_CRYPTO=y
-CONFIG_SPL_HASH_SUPPORT=y
+CONFIG_SPL_HASH=y
 CONFIG_SPL_ENV_SUPPORT=y
 CONFIG_SPL_MPC8XXX_INIT_DDR_SUPPORT=y
 CONFIG_SPL_WATCHDOG=y
diff --git a/configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig 
b/configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig
index c46d0dbedd..9d7ff790e0 100644
--- a/configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig
+++ b/configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig
@@ -27,7 +27,7 @@ CONFIG_SPL_FSL_PBL=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x110
 CONFIG_SPL_CRYPTO=y
-CONFIG_SPL_HASH_SUPPORT=y
+CONFIG_SPL_HASH=y
 CONFIG_SPL_E

[PATCH 2/5] lib: Drop SHA512_ALGO in lieu of SHA512

2021-08-23 Thread Alexandru Gagniuc
SHA512_ALGO was used as a "either SHA512 or SHA384", although the
implementations of these two algorithms share a majority of code.

From a Kconfig interface perspective, it makes sense to present two
distinct options. This requires #ifdefing out the SHA512
implementation from sha512.c. The latter doesn't make any sense.

It's reasonable to say in Kconfig that SHA384 depends on SHA512, and
seems to be the more polite way to handle the selection.

Thus, automatically select SHA512 when SHA384 is enabled.

Signed-off-by: Alexandru Gagniuc 
---
 arch/arm/mach-socfpga/Kconfig |  2 +-
 lib/Kconfig   | 12 
 lib/Makefile  |  2 +-
 lib/crypt/Kconfig |  2 +-
 lib/efi_loader/Kconfig|  2 +-
 lib/sha512.c  |  2 --
 6 files changed, 8 insertions(+), 14 deletions(-)

diff --git a/arch/arm/mach-socfpga/Kconfig b/arch/arm/mach-socfpga/Kconfig
index 0c35406232..5d95530292 100644
--- a/arch/arm/mach-socfpga/Kconfig
+++ b/arch/arm/mach-socfpga/Kconfig
@@ -11,7 +11,7 @@ config SOCFPGA_SECURE_VAB_AUTH
depends on TARGET_SOCFPGA_AGILEX
select FIT_IMAGE_POST_PROCESS
select SHA384
-   select SHA512_ALGO
+   select SHA512
select SPL_FIT_IMAGE_POST_PROCESS
help
 All images loaded from FIT will be authenticated by Secure Device
diff --git a/lib/Kconfig b/lib/Kconfig
index c535147aea..48565a4169 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -375,14 +375,9 @@ config SHA256
  The SHA256 algorithm produces a 256-bit (32-byte) hash value
  (digest).
 
-config SHA512_ALGO
-   bool "Enable SHA512 algorithm"
-   help
- This option enables support of internal SHA512 algorithm.
 
 config SHA512
bool "Enable SHA512 support"
-   depends on SHA512_ALGO
help
  This option enables support of hashing using SHA512 algorithm.
  The hash is calculated in software.
@@ -391,10 +386,11 @@ config SHA512
 
 config SHA384
bool "Enable SHA384 support"
-   depends on SHA512_ALGO
+   select SHA512
help
  This option enables support of hashing using SHA384 algorithm.
- The hash is calculated in software.
+ The hash is calculated in software. This is also selects SHA512,
+ because these implementations share the bulk of the code..
  The SHA384 algorithm produces a 384-bit (48-byte) hash value
  (digest).
 
@@ -409,7 +405,7 @@ if SHA_HW_ACCEL
 
 config SHA512_HW_ACCEL
bool "Enable hardware acceleration for SHA512"
-   depends on SHA512_ALGO
+   depends on SHA512
help
  This option enables hardware acceleration for the SHA384 and SHA512
  hashing algorithms. This affects the 'hash' command and also the
diff --git a/lib/Makefile b/lib/Makefile
index 8ba745faa0..6aa48ca3d5 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -65,7 +65,7 @@ obj-$(CONFIG_$(SPL_)RSA) += rsa/
 obj-$(CONFIG_HASH) += hash-checksum.o
 obj-$(CONFIG_SHA1) += sha1.o
 obj-$(CONFIG_SHA256) += sha256.o
-obj-$(CONFIG_SHA512_ALGO) += sha512.o
+obj-$(CONFIG_SHA512) += sha512.o
 obj-$(CONFIG_CRYPT_PW) += crypt/
 
 obj-$(CONFIG_$(SPL_)ZLIB) += zlib/
diff --git a/lib/crypt/Kconfig b/lib/crypt/Kconfig
index 5495ae8d4c..6a50029642 100644
--- a/lib/crypt/Kconfig
+++ b/lib/crypt/Kconfig
@@ -20,7 +20,7 @@ config CRYPT_PW_SHA256
 config CRYPT_PW_SHA512
bool "Provide sha512crypt"
select SHA512
-   select SHA512_ALGO
+   select SHA512
help
  Enables support for the sha512crypt password-hashing algorithm.
  The prefix is "$6$".
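Review bot: Replacing `select SHA512_ALGO` with `select SHA512` leaves CRYPT_PW_SHA512 with two identical `select SHA512` lines; the replaced line should simply be deleted. The lib/efi_loader/Kconfig hunk has the same duplicate under EFI_TCG2_PROTOCOL. In arch/arm/mach-socfpga/Kconfig the new `select SHA512` is redundant next to `select SHA384`, now that SHA384 selects SHA512.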
diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
index dacc3b5881..08463251cd 100644
--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig
@@ -323,7 +323,7 @@ config EFI_TCG2_PROTOCOL
depends on TPM_V2
select SHA1
select SHA256
-   select SHA512_ALGO
+   select SHA512
select SHA384
select SHA512
select HASH
diff --git a/lib/sha512.c b/lib/sha512.c
index 35f31e3dc5..a421f249ba 100644
--- a/lib/sha512.c
+++ b/lib/sha512.c
@@ -320,7 +320,6 @@ void sha384_csum_wd(const unsigned char *input, unsigned 
int ilen,
 
 #endif
 
-#if defined(CONFIG_SHA512)
 void sha512_starts(sha512_context * ctx)
 {
ctx->state[0] = SHA512_H0;
@@ -381,4 +380,3 @@ void sha512_csum_wd(const unsigned char *input, unsigned 
int ilen,
 
sha512_finish(, output);
 }
-#endif
-- 
2.31.1



[PATCH 1/5] common: Remove unused CONFIG_FIT_SHAxxx selectors

2021-08-23 Thread Alexandru Gagniuc
Originally CONFIG_FIT_SHAxxx enabled specific SHA algos for and only
for has_calculate() in common/image-fit.c. However, since commit
14f061dcb1 ("image: Drop IMAGE_ENABLE_SHAxxx"),
the correct selector was changed to CONFIG_SHAxxx.

The extra "_FIT_" variants are neither used, nor needed. Remove them.
One defconfig disables FIT_SHA256, which is now changed to 'SHA256'.

Note that SHA selection in SPL is broken for this exact reason. There
is no corresponding SPL_SHAxxx. Fixing this is beyond the scope of
this change.

Signed-off-by: Alexandru Gagniuc 
---
 common/Kconfig.boot  | 28 -
 common/spl/Kconfig   | 42 
 configs/mt8516_pumpkin_defconfig |  2 +-
 include/image.h  |  3 ---
 4 files changed, 1 insertion(+), 74 deletions(-)

diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index 0d4c38402c..2399d5849e 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -35,34 +35,6 @@ config FIT_EXTERNAL_OFFSET
  could be put in the hole between data payload and fit image
  header, such as CSF data on i.MX platform.
 
-config FIT_SHA256
-   bool "Support SHA256 checksum of FIT image contents"
-   default y
-   select SHA256
-   help
- Enable this to support SHA256 checksum of FIT image contents. A
- SHA256 checksum is a 256-bit (32-byte) hash value used to check that
- the image contents have not been corrupted.
-
-config FIT_SHA384
-   bool "Support SHA384 checksum of FIT image contents"
-   default n
-   select SHA384
-   help
- Enable this to support SHA384 checksum of FIT image contents. A
- SHA384 checksum is a 384-bit (48-byte) hash value used to check that
- the image contents have not been corrupted. Use this for the highest
- security.
-
-config FIT_SHA512
-   bool "Support SHA512 checksum of FIT image contents"
-   default n
-   select SHA512
-   help
- Enable this to support SHA512 checksum of FIT image contents. A
- SHA512 checksum is a 512-bit (64-byte) hash value used to check that
- the image contents have not been corrupted.
-
 config FIT_FULL_CHECK
bool "Do a full check of the FIT before using it"
default y
diff --git a/common/spl/Kconfig b/common/spl/Kconfig
index c155a3b5fc..d69d1fa5f7 100644
--- a/common/spl/Kconfig
+++ b/common/spl/Kconfig
@@ -439,48 +439,6 @@ config SPL_MD5
  applications where images may be changed maliciously, you should
  consider SHA256 or SHA384.
 
-config SPL_FIT_SHA1
-   bool "Support SHA1"
-   depends on SPL_FIT
-   select SHA1
-   help
- Enable this to support SHA1 in FIT images within SPL. A SHA1
- checksum is a 160-bit (20-byte) hash value used to check that the
- image contents have not been corrupted or maliciously altered.
- While SHA1 is fairly secure it is coming to the end of its life
- due to the expanding computing power available to brute-force
- attacks. For more security, consider SHA256 or SHA384.
-
-config SPL_FIT_SHA256
-   bool "Support SHA256"
-   depends on SPL_FIT
-   select SHA256
-   help
- Enable this to support SHA256 in FIT images within SPL. A SHA256
- checksum is a 256-bit (32-byte) hash value used to check that the
- image contents have not been corrupted.
-
-config SPL_FIT_SHA384
-   bool "Support SHA384"
-   depends on SPL_FIT
-   select SHA384
-   select SHA512_ALGO
-   help
- Enable this to support SHA384 in FIT images within SPL. A SHA384
- checksum is a 384-bit (48-byte) hash value used to check that the
- image contents have not been corrupted. Use this for the highest
- security.
-
-config SPL_FIT_SHA512
-   bool "Support SHA512"
-   depends on SPL_FIT
-   select SHA512
-   select SHA512_ALGO
-   help
- Enable this to support SHA512 in FIT images within SPL. A SHA512
- checksum is a 512-bit (64-byte) hash value used to check that the
- image contents have not been corrupted.
-
 config SPL_FIT_IMAGE_TINY
bool "Remove functionality from SPL FIT loading to reduce size"
depends on SPL_FIT
diff --git a/configs/mt8516_pumpkin_defconfig b/configs/mt8516_pumpkin_defconfig
index 0a6c1fccae..1478b01716 100644
--- a/configs/mt8516_pumpkin_defconfig
+++ b/configs/mt8516_pumpkin_defconfig
@@ -13,7 +13,7 @@ CONFIG_DEBUG_UART_CLOCK=2600
 # CONFIG_PSCI_RESET is not set
 CONFIG_DEBUG_UART=y
 CONFIG_FIT=y
-# CONFIG_FIT_SHA256 is not set
+# CONFIG_SHA256 is not set
 # CONFIG_ARCH_FIXUP_FDT_MEMORY is not set
 CONFIG_DEFAULT_FDT_FILE="mt8516-pumpkin"
 # CONFIG_DISPLAY_BOARDINFO is not set
diff --git a/include/image.h b/include/image.h
index

[PATCH 0/5] Fix FIT hash algos in SPL (Fixes v2021.10-rc2)

2021-08-23 Thread Alexandru Gagniuc
Simon and I recently worked on killing a bunch of extra definitions. One
of the side-effects is that certain hash algorithms won't work in SPL
when used in the context of FIT verification.

For example, in FIT verification, CONFIG_IS_ENABLED(SHA256) is used
(good), but there is no corresponding CONFIG_SPL_SHA256 (bad). This
will always be false for SPL, hence certain "hash" algos are broken.

This series resolves the selection by replacing the broken selection
with hash_lookup_algo(), which does not have the aforementioned
problem. This at the very least allows 'algo = "sha256"' FIT nodes to
work in SPL.

This series does not attempt to add individual SHA/CRC/MD5 configs for
SPL. Hash algo selection for SPL has been problematic even before. This
series is meant as an emergency fix, so it does not attempt to tackle
general refactoring issues.

Alexandru Gagniuc (5):
  common: Remove unused CONFIG_FIT_SHAxxx selectors
  lib: Drop SHA512_ALGO in lieu of SHA512
  common/spl: Drop SPL_HASH_SUPPORT in favor of SPL_HASH
  image: Drop if/elseif hash selection in calculate_hash()
  image: Drop IMAGE_ENABLE_{MD5, CRC32} #defines

 arch/arm/mach-socfpga/Kconfig |  2 +-
 common/Kconfig.boot   | 32 ++-
 common/Makefile   |  3 +-
 common/image-fit.c| 45 +++-
 common/spl/Kconfig| 54 +--
 ...s1021atwr_sdcard_ifc_SECURE_BOOT_defconfig |  2 +-
 configs/ls1043ardb_nand_SECURE_BOOT_defconfig |  2 +-
 .../ls1043ardb_sdcard_SECURE_BOOT_defconfig   |  2 +-
 .../ls1046ardb_sdcard_SECURE_BOOT_defconfig   |  2 +-
 ...1088ardb_sdcard_qspi_SECURE_BOOT_defconfig |  2 +-
 configs/mt8516_pumpkin_defconfig  |  2 +-
 include/configs/xilinx_zynqmp.h   |  2 +-
 include/image.h   | 23 
 lib/Kconfig   | 12 ++---
 lib/Makefile  |  2 +-
 lib/crypt/Kconfig |  2 +-
 lib/efi_loader/Kconfig|  2 +-
 lib/sha512.c  |  2 -
 18 files changed, 39 insertions(+), 154 deletions(-)

-- 
2.31.1



[PATCH] image: rsa: Move padding_algos to linker lists

2021-08-18 Thread Alexandru Gagniuc
We are not guaranteed to have the padding_pkcs_15_verify symbol since
commit 92c960bc1d ("lib: rsa: Remove #ifdefs from rsa.h"), and
commit 61416fe9df ("Kconfig: FIT_SIGNATURE should not select RSA_VERIFY")

The padding_algos only make sense with RSA verification, which can now
be disabled in lieu of ECDSA. In fact this will lead to build failures
because of the missing symbol mentioned earlier.

To resolve this, move the padding_algos to a linker list, with
declarations moved to rsa_verify.c. This is consistent with commit
6909edb4ce ("image: rsa: Move verification algorithm to a linker list")

One could argue that the added #ifdef USE_HOSTCC is ugly, and should
be hidden within the U_BOOT_PADDING_ALGO() macro. However, this would
be inconsistent with the "cryptos" list. This logic was not
previously explored:

Without knowledge of the U_BOOT_PADDING_ALGO() macro, its use is
similar to something being declared. However, should #ifndef
USE_HOSTCC be part of the macro, it would not be obvious that it
behaves differently on host code and target code. Having the #ifndef
outside the macro makes this obvious.

Also, the #ifdef is not always necessary. For example ecda-verify
makes use of U_BOOT_CRYPTO_ALGO() without any accompanying #ifdefs.
The fundamental issue is a lack of separation of host and target code
in rsa_verify. Therefore, the declaration of a padding algo with the
external #ifdef is more readable and consistent.

Signed-off-by: Alexandru Gagniuc 
---
 common/image-sig.c   | 23 ++-
 include/image.h  |  4 
 lib/rsa/rsa-verify.c | 15 +++
 3 files changed, 25 insertions(+), 17 deletions(-)

diff --git a/common/image-sig.c b/common/image-sig.c
index fb0035524e..fa9407bb30 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -51,19 +51,6 @@ struct checksum_algo checksum_algos[] = {
 
 };
 
-struct padding_algo padding_algos[] = {
-   {
-   .name = "pkcs-1.5",
-   .verify = padding_pkcs_15_verify,
-   },
-#ifdef CONFIG_FIT_RSASSA_PSS
-   {
-   .name = "pss",
-   .verify = padding_pss_verify,
-   }
-#endif /* CONFIG_FIT_RSASSA_PSS */
-};
-
 struct checksum_algo *image_get_checksum_algo(const char *full_name)
 {
int i;
@@ -129,14 +116,16 @@ struct crypto_algo *image_get_crypto_algo(const char 
*full_name)
 
 struct padding_algo *image_get_padding_algo(const char *name)
 {
-   int i;
+   struct padding_algo *padding, *end;
 
if (!name)
return NULL;
 
-   for (i = 0; i < ARRAY_SIZE(padding_algos); i++) {
-   if (!strcmp(padding_algos[i].name, name))
-   return _algos[i];
+   padding = ll_entry_start(struct padding_algo, paddings);
+   end = ll_entry_end(struct padding_algo, paddings);
+   for (; padding < end; padding++) {
+   if (!strcmp(padding->name, name))
+   return padding;
}
 
return NULL;
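Review bot: image_get_padding_algo() now returns NULL for every name when no U_BOOT_PADDING_ALGO() entry is linked in, for example in a build without RSA verification, and nothing in the function says where the list comes from. A comment above the loop would make that visible, e.g. `/* "paddings" is filled by U_BOOT_PADDING_ALGO() entries in lib/rsa/rsa-verify.c; it is empty when RSA verification is not built */`. The callers are outside this hunk; it is worth confirming that they treat NULL as a verification failure and do not fall back to a default padding. The function's closing brace is also outside the hunk.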
diff --git a/include/image.h b/include/image.h
index e20f0b69d5..ab0a6c2ef0 100644
--- a/include/image.h
+++ b/include/image.h
@@ -1334,6 +1334,10 @@ struct padding_algo {
  const uint8_t *hash, int hash_len);
 };
 
+/* Declare a new U-Boot padding algorithm handler */
+#define U_BOOT_PADDING_ALGO(__name)
\
+ll_entry_declare(struct padding_algo, __name, paddings)
+
 /**
  * image_get_checksum_algo() - Look up a checksum algorithm
  *
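Review bot: The one-line comment on U_BOOT_PADDING_ALGO() does not mention that target-only declarations are expected to be wrapped in `#ifndef USE_HOSTCC` by the user of the macro. The commit message argues at length that this guard is deliberately kept outside the macro, and that reasoning is lost once the patch is merged. I would extend the comment to say that entries are placed in the "paddings" linker list read by image_get_padding_algo(), and that declarations in files also built for the host must be guarded with `#ifndef USE_HOSTCC`.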
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index 3840764e42..ad6d33d043 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -95,6 +95,13 @@ int padding_pkcs_15_verify(struct image_sign_info *info,
return 0;
 }
 
+#ifndef USE_HOSTCC
+U_BOOT_PADDING_ALGO(pkcs_15) = {
+   .name = "pkcs-1.5",
+   .verify = padding_pkcs_15_verify,
+};
+#endif
+
 #ifdef CONFIG_FIT_RSASSA_PSS
 static void u32_i2osp(uint32_t val, uint8_t *buf)
 {
@@ -296,6 +303,14 @@ out:
 
return ret;
 }
+
+#ifndef USE_HOSTCC
+U_BOOT_PADDING_ALGO(pss) = {
+   .name = "pss",
+   .verify = padding_pss_verify,
+};
+#endif
+
 #endif
 
 #if CONFIG_IS_ENABLED(FIT_SIGNATURE) || CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY)
-- 
2.31.1



[PATCH] lib/rsa: Remove support for OpenSSL < 1.1.0 and libressl < 2.7.0

2021-07-29 Thread Alexandru Gagniuc
Older OpenSSL and libressl versions have a slightly different API.
This require #ifdefs to support. However, we still can't support it
because the ECDSA path does not compile with these older versions.
These #ifdefs are truly a vestigial appendage.

Alternatively, the ECDSA path could be updated for older libraries,
but this requires significant extra code, and #ifdefs. Those libraries
are over three years old, and there are concerns whether it makes sense to
build modern software for real world use against such old libraries.

Thusly, remove #ifdefs and code for old OpenSSL and LibreSSL support.

Signed-off-by: Alexandru Gagniuc 
---
I would appreciate if somebody tested the RSA signing functionality
with this patch applied, as I am not equipped to test this
comprehensively.

 lib/rsa/rsa-sign.c | 76 +++---
 1 file changed, 4 insertions(+), 72 deletions(-)

diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index deff936fef..e6527c2610 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -19,24 +19,6 @@
 #include 
 #include 
 
-#if OPENSSL_VERSION_NUMBER >= 0x1000L
-#define HAVE_ERR_REMOVE_THREAD_STATE
-#endif
-
-#if OPENSSL_VERSION_NUMBER < 0x1010L || \
-   (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 
0x0207fL)
-static void RSA_get0_key(const RSA *r,
- const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
-{
-   if (n != NULL)
-   *n = r->n;
-   if (e != NULL)
-   *e = r->e;
-   if (d != NULL)
-   *d = r->d;
-}
-#endif
-
 static int rsa_err(const char *msg)
 {
unsigned long sslErr = ERR_get_error();
@@ -314,24 +296,11 @@ static int rsa_init(void)
 {
int ret;
 
-#if OPENSSL_VERSION_NUMBER < 0x1010L || \
-   (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 
0x0207fL)
-   ret = SSL_library_init();
-#else
ret = OPENSSL_init_ssl(0, NULL);
-#endif
if (!ret) {
fprintf(stderr, "Failure to init SSL library\n");
return -1;
}
-#if OPENSSL_VERSION_NUMBER < 0x1010L || \
-   (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 
0x0207fL)
-   SSL_load_error_strings();
-
-   OpenSSL_add_all_algorithms();
-   OpenSSL_add_all_digests();
-   OpenSSL_add_all_ciphers();
-#endif
 
return 0;
 }
@@ -346,8 +315,7 @@ static int rsa_engine_init(const char *engine_id, ENGINE 
**pe)
e = ENGINE_by_id(engine_id);
if (!e) {
fprintf(stderr, "Engine isn't available\n");
-   ret = -1;
-   goto err_engine_by_id;
+   return -1;
}
 
if (!ENGINE_init(e)) {
@@ -370,29 +338,9 @@ err_set_rsa:
ENGINE_finish(e);
 err_engine_init:
ENGINE_free(e);
-err_engine_by_id:
-#if OPENSSL_VERSION_NUMBER < 0x1010L || \
-   (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 
0x0207fL)
-   ENGINE_cleanup();
-#endif
return ret;
 }
 
-static void rsa_remove(void)
-{
-#if OPENSSL_VERSION_NUMBER < 0x1010L || \
-   (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 
0x0207fL)
-   CRYPTO_cleanup_all_ex_data();
-   ERR_free_strings();
-#ifdef HAVE_ERR_REMOVE_THREAD_STATE
-   ERR_remove_thread_state(NULL);
-#else
-   ERR_remove_state(0);
-#endif
-   EVP_cleanup();
-#endif
-}
-
 static void rsa_engine_remove(ENGINE *e)
 {
if (e) {
@@ -465,12 +413,7 @@ static int rsa_sign_with_key(EVP_PKEY *pkey, struct 
padding_algo *padding_algo,
goto err_sign;
}
 
-   #if OPENSSL_VERSION_NUMBER < 0x1010L || \
-   (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 
0x0207fL)
-   EVP_MD_CTX_cleanup(context);
-   #else
-   EVP_MD_CTX_reset(context);
-   #endif
+   EVP_MD_CTX_reset(context);
EVP_MD_CTX_destroy(context);
 
debug("Got signature: %d bytes, expected %zu\n", *sig_size, size);
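Review bot: In rsa_sign_with_key() the retained `EVP_MD_CTX_reset(context);` is redundant directly before `EVP_MD_CTX_destroy(context);`. In OpenSSL 1.1.0 and later the destroy call is a compatibility alias for EVP_MD_CTX_free(), which already resets the context before releasing it. With pre-1.1.0 support removed, the pair can become the single line `EVP_MD_CTX_free(context);`; it is worth confirming that LibreSSL 2.7.0 and later behaves the same way. The function starts and ends outside this hunk, so its error path may need the same change.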
@@ -502,7 +445,7 @@ int rsa_sign(struct image_sign_info *info,
if (info->engine_id) {
ret = rsa_engine_init(info->engine_id, );
if (ret)
-   goto err_engine;
+   return ret;
}
 
ret = rsa_get_priv_key(info->keydir, info->keyname, info->keyfile,
@@ -517,7 +460,6 @@ int rsa_sign(struct image_sign_info *info,
EVP_PKEY_free(pkey);
if (info->engine_id)
rsa_engine_remove(e);
-   rsa_remove();
 
return ret;
 
@@ -526,8 +468,6 @@ err_sign:
 err_priv:
if (info->engine_id)
rsa_engine_remove(e);
-err_engine:
-   rsa_remove();
return ret;
 }
 
@@ -675,12 +615,8 @@ int rsa_add_verify_data(struct image_sign_info *info, void 
*keydest)
ret = 

[PATCH 5/5] test: dm: Add test for ECDSA UCLASS support

2021-07-29 Thread Alexandru Gagniuc
This test verifies that ECDSA_UCLASS is implemented, and that
ecdsa_verify() works as expected. The definition of "expected" is
"does not find a device, and returns -ENODEV".

The lack of a hardware-independent ECDSA implementation prevents us
from having one in the sandbox, for now.

Signed-off-by: Alexandru Gagniuc 
Reviewed-by: Simon Glass 
---
 configs/sandbox_defconfig |  2 ++
 test/dm/Makefile  |  1 +
 test/dm/ecdsa.c   | 38 ++
 3 files changed, 41 insertions(+)
 create mode 100644 test/dm/ecdsa.c

diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
index bcd82f76ff..8bb981d6f5 100644
--- a/configs/sandbox_defconfig
+++ b/configs/sandbox_defconfig
@@ -299,3 +299,5 @@ CONFIG_TEST_FDTDEC=y
 CONFIG_UNIT_TEST=y
 CONFIG_UT_TIME=y
 CONFIG_UT_DM=y
+CONFIG_ECDSA=y
+CONFIG_ECDSA_VERIFY=y
diff --git a/test/dm/Makefile b/test/dm/Makefile
index d5c42e7643..516f69d61c 100644
--- a/test/dm/Makefile
+++ b/test/dm/Makefile
@@ -36,6 +36,7 @@ obj-$(CONFIG_DEVRES) += devres.o
 obj-$(CONFIG_DMA) += dma.o
 obj-$(CONFIG_VIDEO_MIPI_DSI) += dsi_host.o
 obj-$(CONFIG_DM_DSA) += dsa.o
+obj-$(CONFIG_ECDSA_VERIFY) += ecdsa.o
 obj-$(CONFIG_DM_ETH) += eth.o
 ifneq ($(CONFIG_EFI_PARTITION),)
 obj-$(CONFIG_FASTBOOT_FLASH_MMC) += fastboot.o
diff --git a/test/dm/ecdsa.c b/test/dm/ecdsa.c
new file mode 100644
index 00..da535c98b5
--- /dev/null
+++ b/test/dm/ecdsa.c
@@ -0,0 +1,38 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+/*
+ * Basic test of the ECDSA uclass and ecdsa_verify()
+ *
+ * ECDSA implementations in u-boot are hardware-dependent. Until we have a
+ * software implementation that can be compiled into the sandbox, all we can
+ * test is the uclass support.
+ *
+ * The uclass_get() test is redundant since ecdsa_verify() would also fail. We
+ * run both functions in order to isolate the cause more clearly. i.e. is
+ * ecdsa_verify() failing because the UCLASS is absent/broken?
+ */
+static int dm_test_ecdsa_verify(struct unit_test_state *uts)
+{
+   struct uclass *ucp;
+
+   struct checksum_algo algo = {
+   .checksum_len = 256,
+   };
+
+   struct image_sign_info info = {
+   .checksum = ,
+   };
+
+   ut_assertok(uclass_get(UCLASS_ECDSA, ));
+   ut_assertnonnull(ucp);
+   ut_asserteq(-ENODEV, ecdsa_verify(, NULL, 0, NULL, 0));
+
+   return 0;
+}
+DM_TEST(dm_test_ecdsa_verify, UT_TESTF_SCAN_PDATA | UT_TESTF_SCAN_FDT);
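Review bot: `.checksum_len = 256` in dm_test_ecdsa_verify() looks like a bit count, while the uclass API in this series documents the hash length in bytes and the stm32mp driver accepts only 32. The value is harmless today because the test expects -ENODEV before any driver is reached, but it will mislead whoever extends the test once a sandbox implementation exists. I would write `.checksum_len = 32,` with a comment such as `/* SHA-256 digest length in bytes */`. This assumes checksum_len is in bytes and is what ecdsa_verify() forwards as the hash length, which should be confirmed against struct checksum_algo.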
-- 
2.31.1



[PATCH 4/5] Kconfig: FIT_SIGNATURE should not select RSA_VERIFY

2021-07-29 Thread Alexandru Gagniuc
FIT signatures can now be implemented with ECDSA. The assumption that
all FIT images are signed with RSA is no longer valid. Thus, instead
of 'select'ing RSA, only 'imply' it. This doesn't change the defaults,
but allows one to explicitly disable RSA support.

Signed-off-by: Alexandru Gagniuc 
Reviewed-by: Simon Glass 
Reviewed-by: Igor Opaniuk 
---
 common/Kconfig.boot | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index f39df04bbf..0d4c38402c 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -76,8 +76,8 @@ config FIT_SIGNATURE
bool "Enable signature verification of FIT uImages"
depends on DM
select HASH
-   select RSA
-   select RSA_VERIFY
+   imply RSA
+   imply RSA_VERIFY
select IMAGE_SIGN_INFO
select FIT_FULL_CHECK
help
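Review bot: With `imply RSA` and `imply RSA_VERIFY`, a configuration can enable FIT_SIGNATURE while having neither RSA_VERIFY nor ECDSA_VERIFY, and the help text is not updated to say that at least one verification algorithm is needed. The help text continues outside this hunk. Such a build presumably rejects every signed image at run time instead of failing at configuration time, which should be confirmed. I would add a sentence to the help text such as `At least one of RSA_VERIFY or ECDSA_VERIFY must be enabled for signatures to be checked.` The same applies to the SPL_FIT_SIGNATURE hunk with SPL_RSA_VERIFY and SPL_ECDSA_VERIFY.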
@@ -186,8 +186,8 @@ config SPL_FIT_SIGNATURE
select SPL_FIT
select SPL_CRYPTO
select SPL_HASH_SUPPORT
-   select SPL_RSA
-   select SPL_RSA_VERIFY
+   imply SPL_RSA
+   imply SPL_RSA_VERIFY
select SPL_IMAGE_SIGN_INFO
select SPL_FIT_FULL_CHECK
 
-- 
2.31.1



[PATCH 2/5] lib: ecdsa: Implement UCLASS_ECDSA verification on target

2021-07-29 Thread Alexandru Gagniuc
Implement the crypto_algo .verify() function for ecdsa256. Because
it uses UCLASS_ECDSA as its backend, this change is focused on parsing the
keys from devicetree and passing this information to the specific
UCLASS driver.

Signed-off-by: Alexandru Gagniuc 
Reviewed-by: Simon Glass 
---
 lib/Kconfig  |   1 +
 lib/Makefile |   1 +
 lib/ecdsa/Kconfig|  23 +++
 lib/ecdsa/Makefile   |   1 +
 lib/ecdsa/ecdsa-verify.c | 134 +++
 5 files changed, 160 insertions(+)
 create mode 100644 lib/ecdsa/Kconfig
 create mode 100644 lib/ecdsa/Makefile
 create mode 100644 lib/ecdsa/ecdsa-verify.c

diff --git a/lib/Kconfig b/lib/Kconfig
index fdcf7ea405..014a2f7f77 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -303,6 +303,7 @@ config AES
  supported by the algorithm but only a 128-bit key is supported at
  present.
 
+source lib/ecdsa/Kconfig
 source lib/rsa/Kconfig
 source lib/crypto/Kconfig
 source lib/crypt/Kconfig
diff --git a/lib/Makefile b/lib/Makefile
index 07c2ccd7cf..8ba745faa0 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -60,6 +60,7 @@ endif
 
 obj-$(CONFIG_$(SPL_)ACPIGEN) += acpi/
 obj-$(CONFIG_$(SPL_)MD5) += md5.o
+obj-$(CONFIG_ECDSA) += ecdsa/
 obj-$(CONFIG_$(SPL_)RSA) += rsa/
 obj-$(CONFIG_HASH) += hash-checksum.o
 obj-$(CONFIG_SHA1) += sha1.o
diff --git a/lib/ecdsa/Kconfig b/lib/ecdsa/Kconfig
new file mode 100644
index 00..a95c4ff581
--- /dev/null
+++ b/lib/ecdsa/Kconfig
@@ -0,0 +1,23 @@
+config ECDSA
+   bool "Enable ECDSA support"
+   depends on DM
+   help
+ This enables the ECDSA (elliptic curve signature) algorithm for FIT
+ image verification in U-Boot. The ECDSA algorithm is implemented
+ using the driver model, so CONFIG_DM is required by this library.
+ See doc/uImage.FIT/signature.txt for more details.
+ ECDSA is enabled for mkimage regardless of this option.
+
+if ECDSA
+
+config ECDSA_VERIFY
+   bool "Enable ECDSA verification support in U-Boot."
+   help
+ Allow ECDSA signatures to be recognized and verified in U-Boot.
+
+config SPL_ECDSA_VERIFY
+   bool "Enable ECDSA verification support in SPL"
+   help
+ Allow ECDSA signatures to be recognized and verified in SPL.
+
+endif
diff --git a/lib/ecdsa/Makefile b/lib/ecdsa/Makefile
new file mode 100644
index 00..771d6d3135
--- /dev/null
+++ b/lib/ecdsa/Makefile
@@ -0,0 +1 @@
+obj-$(CONFIG_$(SPL_)ECDSA_VERIFY) += ecdsa-verify.o
diff --git a/lib/ecdsa/ecdsa-verify.c b/lib/ecdsa/ecdsa-verify.c
new file mode 100644
index 00..0601700c4f
--- /dev/null
+++ b/lib/ecdsa/ecdsa-verify.c
@@ -0,0 +1,134 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * ECDSA signature verification for u-boot
+ *
+ * This implements the firmware-side wrapper for ECDSA verification. It bridges
+ * the struct crypto_algo API to the ECDSA uclass implementations.
+ *
+ * Copyright (c) 2020, Alexandru Gagniuc 
+ */
+
+#include 
+#include 
+#include 
+
+/*
+ * Derive size of an ECDSA key from the curve name
+ *
+ * While it's possible to extract the key size by using string manipulation,
+ * use a list of known curves for the time being.
+ */
+static int ecdsa_key_size(const char *curve_name)
+{
+   if (!strcmp(curve_name, "prime256v1"))
+   return 256;
+   else
+   return 0;
+}
+
+static int fdt_get_key(struct ecdsa_public_key *key, const void *fdt, int node)
+{
+   int x_len, y_len;
+
+   key->curve_name = fdt_getprop(fdt, node, "ecdsa,curve", NULL);
+   key->size_bits = ecdsa_key_size(key->curve_name);
+   if (key->size_bits == 0) {
+   debug("Unknown ECDSA curve '%s'", key->curve_name);
+   return -EINVAL;
+   }
+
+   key->x = fdt_getprop(fdt, node, "ecdsa,x-point", _len);
+   key->y = fdt_getprop(fdt, node, "ecdsa,y-point", _len);
+
+   if (!key->x || !key->y)
+   return -EINVAL;
+
+   if (x_len != (key->size_bits / 8) || y_len != (key->size_bits / 8)) {
+   printf("%s: node=%d, curve@%p x@%p+%i y@%p+%i\n", __func__,
+  node, key->curve_name, key->x, x_len, key->y, y_len);
+   return -EINVAL;
+   }
+
+   return 0;
+}
+
+static int ecdsa_verify_hash(struct udevice *dev,
+const struct image_sign_info *info,
+const void *hash, const void *sig, uint sig_len)
+{
+   const struct ecdsa_ops *ops = device_get_ops(dev);
+   const struct checksum_algo *algo = info->checksum;
+   struct ecdsa_public_key key;
+   int sig_node, key_node, ret;
+
+   if (!ops || !ops->verify)
+   return -ENODEV;
+
+   if (info->required_keynode > 0) {
+   ret = fdt_get_key(, info->fdt_blob, info->re

[PATCH 3/5] arm: stm32mp1: Implement ECDSA signature verification

2021-07-29 Thread Alexandru Gagniuc
The STM32MP ROM provides several services. One of them is the ability
to verify ecdsa256 signatures. Hook the ROM API into the ECDSA uclass.

Signed-off-by: Alexandru Gagniuc 
---
 arch/arm/mach-stm32mp/Kconfig|   9 +++
 arch/arm/mach-stm32mp/Makefile   |   1 +
 arch/arm/mach-stm32mp/ecdsa_romapi.c | 102 +++
 3 files changed, 112 insertions(+)
 create mode 100644 arch/arm/mach-stm32mp/ecdsa_romapi.c

diff --git a/arch/arm/mach-stm32mp/Kconfig b/arch/arm/mach-stm32mp/Kconfig
index ace07fd70f..4c1eeef165 100644
--- a/arch/arm/mach-stm32mp/Kconfig
+++ b/arch/arm/mach-stm32mp/Kconfig
@@ -172,6 +172,15 @@ config STM32_ETZPC
help
  Say y to enable STM32 Extended TrustZone Protection
 
+config STM32_ECDSA_VERIFY
+   bool "STM32 ECDSA verification via the ROM API"
+   depends on SPL_ECDSA_VERIFY
+   default y
+   help
+ Say y to enable the uclass driver for ECDSA verification using the
+ ROM API provided on STM32MP.
+ The ROM API is only available during SPL for now.
+
 config CMD_STM32KEY
bool "command stm32key to fuse public key hash"
default n
diff --git a/arch/arm/mach-stm32mp/Makefile b/arch/arm/mach-stm32mp/Makefile
index 879c1961fe..391b47cf13 100644
--- a/arch/arm/mach-stm32mp/Makefile
+++ b/arch/arm/mach-stm32mp/Makefile
@@ -11,6 +11,7 @@ obj-y += bsec.o
 ifdef CONFIG_SPL_BUILD
 obj-y += spl.o
 obj-y += tzc400.o
+obj-$(CONFIG_STM32_ECDSA_VERIFY) += ecdsa_romapi.o
 else
 obj-y += cmd_stm32prog/
 obj-$(CONFIG_CMD_STM32KEY) += cmd_stm32key.o
diff --git a/arch/arm/mach-stm32mp/ecdsa_romapi.c 
b/arch/arm/mach-stm32mp/ecdsa_romapi.c
new file mode 100644
index 00..a2f63ff879
--- /dev/null
+++ b/arch/arm/mach-stm32mp/ecdsa_romapi.c
@@ -0,0 +1,102 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * STM32MP ECDSA verification via the ROM API
+ *
+ * Implements ECDSA signature verification via the STM32MP ROM.
+ */
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#define ROM_API_SUCCESS0x77
+#define ROM_API_ECDSA_ALGO_PRIME_256V1 1
+#define ROM_API_ECDSA_ALGO_BRAINPOOL_256   2
+
+#define ROM_API_OFFSET_ECDSA_VERIFY0x60
+
+struct ecdsa_rom_api {
+   uint32_t (*ecdsa_verify_signature)(const void *hash, const void *pubkey,
+  const void *signature,
+  uint32_t ecc_algo);
+};
+
+/*
+ * Without forcing the ".data" section, this would get saved in ".bss". BSS
+ * will be cleared soon after, so it's not suitable.
+ */
+static uintptr_t rom_api_loc __section(".data");
+
+/*
+ * The ROM gives us the API location in r0 when starting. This is only 
available
+ * during SPL, as there isn't (yet) a mechanism to pass this on to u-boot.
+ */
+void save_boot_params(unsigned long r0, unsigned long r1, unsigned long r2,
+ unsigned long r3)
+{
+   rom_api_loc = r0;
+   save_boot_params_ret();
+}
+
+static void stm32mp_rom_get_ecdsa_functions(struct ecdsa_rom_api *rom)
+{
+   uintptr_t verify_ptr = rom_api_loc + ROM_API_OFFSET_ECDSA_VERIFY;
+
+   rom->ecdsa_verify_signature = *(void **)verify_ptr;
+}
+
+static int ecdsa_key_algo(const char *curve_name)
+{
+   if (!strcmp(curve_name, "prime256v1"))
+   return ROM_API_ECDSA_ALGO_PRIME_256V1;
+   else if (!strcmp(curve_name, "brainpool256"))
+   return ROM_API_ECDSA_ALGO_BRAINPOOL_256;
+   else
+   return -ENOPROTOOPT;
+}
+
+static int romapi_ecdsa_verify(struct udevice *dev,
+  const struct ecdsa_public_key *pubkey,
+  const void *hash, size_t hash_len,
+  const void *signature, size_t sig_len)
+{
+   struct ecdsa_rom_api rom;
+   uint8_t raw_key[64];
+   uint32_t rom_ret;
+   int algo;
+
+   /* The ROM API can only handle 256-bit ECDSA keys. */
+   if (sig_len != 64 || hash_len != 32 || pubkey->size_bits != 256)
+   return -EINVAL;
+
+   algo = ecdsa_key_algo(pubkey->curve_name);
+   if (algo < 0)
+   return algo;
+
+   /* The ROM API wants the (X, Y) coordinates concatenated. */
+   memcpy(raw_key, pubkey->x, 32);
+   memcpy(raw_key + 32, pubkey->y, 32);
+
+   stm32mp_rom_get_ecdsa_functions();
+   rom_ret = rom.ecdsa_verify_signature(hash, raw_key, signature, algo);
+
+   return rom_ret == ROM_API_SUCCESS ? 0 : -EPERM;
+}
+
+static const struct ecdsa_ops rom_api_ops = {
+   .verify = romapi_ecdsa_verify,
+};
+
+U_BOOT_DRIVER(stm32mp_rom_api_ecdsa) = {
+   .name   = "stm32mp_rom_api_ecdsa",
+   .id = UCLASS_ECDSA,
+   .ops= _api_ops,
+   .flags  = DM_FLAG_PRE_RELOC,
+};
+
+U_BOOT_DRVINFO(stm32mp_rom_api_ecdsa) = {
+   .name = "stm32mp_rom_api_ecdsa",
+};
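Review bot: save_boot_params() stores whatever r0 holds, and stm32mp_rom_get_ecdsa_functions() later dereferences `rom_api_loc + ROM_API_OFFSET_ECDSA_VERIFY` and calls through the result with no check that the value came from the ROM. If SPL is entered by anything other than the boot ROM, the verify path becomes a call through an arbitrary pointer instead of a clean failure. A minimal guard in romapi_ecdsa_verify() is `if (!rom_api_loc) return -ENODEV;`, together with a comment on rom_api_loc stating the assumption that r0 is the ROM API table. A stronger validity check would need information about the table layout that this file does not show.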
-- 
2.31.1



[PATCH 1/5] dm: crypto: Define UCLASS API for ECDSA signature verification

2021-07-29 Thread Alexandru Gagniuc
Define a UCLASS API for verifying ECDSA signatures. Unlike
UCLASS_MOD_EXP, which focuses strictly on modular exponentiation,
the ECDSA class focuses on verification. This is done so that it
better aligns with mach-specific implementations, such as stm32mp.

Signed-off-by: Alexandru Gagniuc 
---
 include/crypto/ecdsa-uclass.h | 39 +++
 include/dm/uclass-id.h|  1 +
 2 files changed, 40 insertions(+)
 create mode 100644 include/crypto/ecdsa-uclass.h

diff --git a/include/crypto/ecdsa-uclass.h b/include/crypto/ecdsa-uclass.h
new file mode 100644
index 00..189843820a
--- /dev/null
+++ b/include/crypto/ecdsa-uclass.h
@@ -0,0 +1,39 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright (c) 2020, Alexandru Gagniuc 
+ */
+
+#include 
+
+/**
+ * struct ecdsa_public_key - ECDSA public key properties
+ *
+ * The struct has pointers to the (x, y) curve coordinates to an ECDSA public
+ * key, as well as the name of the ECDSA curve. The size of the key is inferred
+ * from the 'curve_name'
+ */
+struct ecdsa_public_key {
+   const char *curve_name; /* Name of curve, e.g. "prime256v1" */
+   const void *x;  /* x coordinate of public key */
+   const void *y;  /* y coordinate of public key */
+   unsigned int size_bits; /* key size in bits, derived from curve name */
+};
+
+struct ecdsa_ops {
+   /**
+* Verify signature of hash against given public key
+*
+* @dev:ECDSA Device
+* @pubkey: ECDSA public key
+* @hash:   Hash of binary image
+* @hash_len:   Length of hash in bytes
+* @signature:  Signature in a raw (R, S) point pair
+* @sig_len:Length of signature in bytes
+*
+* This function verifies that the 'signature' of the given 'hash' was
+* signed by the private key corresponding to 'pubkey'.
+*/
+   int (*verify)(struct udevice *dev, const struct ecdsa_public_key 
*pubkey,
+ const void *hash, size_t hash_len,
+ const void *signature, size_t sig_len);
+};
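Review bot: The kernel-doc for ecdsa_ops.verify() documents every parameter but not the return value, which is the part a caller of a signature check most needs to get right. I would add `* @return 0 if the signature is valid, negative errno otherwise`, which matches the stm32mp driver in this series (0 on success, -EINVAL, -EPERM or the curve-lookup error otherwise). The new header also has no include guard, so an `#ifndef`/`#define`/`#endif` pair around its contents would be worth adding.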
diff --git a/include/dm/uclass-id.h b/include/dm/uclass-id.h
index 9d474533ba..e7edd409f3 100644
--- a/include/dm/uclass-id.h
+++ b/include/dm/uclass-id.h
@@ -47,6 +47,7 @@ enum uclass_id {
UCLASS_DSI_HOST,/* Display Serial Interface host */
UCLASS_DMA, /* Direct Memory Access */
UCLASS_DSA, /* Distributed (Ethernet) Switch Architecture */
+   UCLASS_ECDSA,   /* Elliptic curve cryptographic device */
UCLASS_EFI, /* EFI managed devices */
UCLASS_ETH, /* Ethernet device */
UCLASS_ETH_PHY, /* Ethernet PHY device */
-- 
2.31.1



[PATCH 0/5] Enable ECDSA FIT verification for stm32mp

2021-07-29 Thread Alexandru Gagniuc
This series is based on the latest master, so no patch dependencies.

Q: Will there be a software-only implementation of ECDSA ?
A: That is the goal, so that we can have more extensive testing with
   the sandbox. I do not have the bandwidth to implement it. There
   has been an initial port of software ecdsa here:
   https://github.com/timr11/u-boot/tree/ecdsa-vrf-1

Q: Can more code be shared with the RSA verification path?
A: Probably yes. Mostly having to do with parsing the "/signature"
   node and "key-name-hint"s in the u-boot FDT. Although there isn't
   any copypasted RSA code, or code with substantial similarity.

Changes since v5:
  - Fixed clang warning stemming from test/dm/ecdsa.c

Changes since v4:
  - Use U_BOOT_CRYPTO_ALGO() to add ECDSA to .u_boot_list
  - No need to #define IMAGE_ENABLE_VERIFY_ECDSA
  - Use ut_asserteq(x, -ENODEV) instead of ut_assert(x == -ENODEV)

Changes since v3:
  - Remove unused ecdsa_check_key() function

Changes since v2:
  - Spell out "elliptic curve" in Kconfig (Although RSA isn't spelled out)

Changes since v1:
  - Add test to make sure the UCLASS is enabled
  - Fix check against wrong sig_len in ecdsa_romapi.c
  - s/U_BOOT_DEVICE/U_BOOT_DRVINFO/
  - Use "if(!ret)" instead of "if (ret == 0)"
  - Use uclass_first_device_err() instead of uclass_fi

Alexandru Gagniuc (5):
  dm: crypto: Define UCLASS API for ECDSA signature verification
  lib: ecdsa: Implement UCLASS_ECDSA verification on target
  arm: stm32mp1: Implement ECDSA signature verification
  Kconfig: FIT_SIGNATURE should not select RSA_VERIFY
  test: dm: Add test for ECDSA UCLASS support

 arch/arm/mach-stm32mp/Kconfig|   9 ++
 arch/arm/mach-stm32mp/Makefile   |   1 +
 arch/arm/mach-stm32mp/ecdsa_romapi.c | 102 
 common/Kconfig.boot  |   8 +-
 configs/sandbox_defconfig|   2 +
 include/crypto/ecdsa-uclass.h|  39 
 include/dm/uclass-id.h   |   1 +
 lib/Kconfig  |   1 +
 lib/Makefile |   1 +
 lib/ecdsa/Kconfig|  23 +
 lib/ecdsa/Makefile   |   1 +
 lib/ecdsa/ecdsa-verify.c | 134 +++
 test/dm/Makefile |   1 +
 test/dm/ecdsa.c  |  38 
 14 files changed, 357 insertions(+), 4 deletions(-)
 create mode 100644 arch/arm/mach-stm32mp/ecdsa_romapi.c
 create mode 100644 include/crypto/ecdsa-uclass.h
 create mode 100644 lib/ecdsa/Kconfig
 create mode 100644 lib/ecdsa/Makefile
 create mode 100644 lib/ecdsa/ecdsa-verify.c
 create mode 100644 test/dm/ecdsa.c

-- 
2.31.1



[PATCH v5 5/5] ARM: dts: stm32mp: Add OP-TEE reserved memory to SPL dtb

2021-07-15 Thread Alexandru Gagniuc
Add the "/reserved-memory/optee" node to the SPL devicetree. The
purpose is to allow configuring TZC regions when booting OP-TEE.

Signed-off-by: Alexandru Gagniuc 
Reviewed-by: Simon Glass 
---
 arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi 
b/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
index 6787619290..55d634f7db 100644
--- a/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
+++ b/arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi
@@ -30,9 +30,12 @@
};
 
reserved-memory {
+   u-boot,dm-spl;
+
optee@de00 {
reg = <0xde00 0x0200>;
no-map;
+   u-boot,dm-spl;
};
};
 
-- 
2.31.1



[PATCH v5 3/5] arm: stm32mp: Implement support for TZC 400 controller

2021-07-15 Thread Alexandru Gagniuc
The purpose of this change is to allow configuring TrustZone (TZC)
memory permissions. For example, OP-TEE expects TZC regions to be
configured in a very particular way. The API presented here is
intended to allow exactly that.

UCLASS support is not implemented, because it would not be too useful.
Changing TZC permissions needs to be done with care, so as not to cut
off access to memory we are currently using. One place where we can
use this is at the end of SPL, right before jumping to OP-TEE.

Signed-off-by: Alexandru Gagniuc 
Reviewed-by: Patrick Delaunay 
---
 arch/arm/mach-stm32mp/Makefile   |   1 +
 arch/arm/mach-stm32mp/include/mach/tzc.h |  33 ++
 arch/arm/mach-stm32mp/tzc400.c   | 136 +++
 3 files changed, 170 insertions(+)
 create mode 100644 arch/arm/mach-stm32mp/include/mach/tzc.h
 create mode 100644 arch/arm/mach-stm32mp/tzc400.c

diff --git a/arch/arm/mach-stm32mp/Makefile b/arch/arm/mach-stm32mp/Makefile
index aa39867080..879c1961fe 100644
--- a/arch/arm/mach-stm32mp/Makefile
+++ b/arch/arm/mach-stm32mp/Makefile
@@ -10,6 +10,7 @@ obj-y += bsec.o
 
 ifdef CONFIG_SPL_BUILD
 obj-y += spl.o
+obj-y += tzc400.o
 else
 obj-y += cmd_stm32prog/
 obj-$(CONFIG_CMD_STM32KEY) += cmd_stm32key.o
diff --git a/arch/arm/mach-stm32mp/include/mach/tzc.h 
b/arch/arm/mach-stm32mp/include/mach/tzc.h
new file mode 100644
index 00..16db55c464
--- /dev/null
+++ b/arch/arm/mach-stm32mp/include/mach/tzc.h
@@ -0,0 +1,33 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Simple API for configuring TrustZone memory regions
+ *
+ * The premise is that the desired TZC layout is known beforehand, and it can
+ * be configured in one step. tzc_configure() provides this functionality.
+ */
+#ifndef MACH_TZC_H
+#define MACH_TZC_H
+
+#include 
+
+enum tzc_sec_mode {
+   TZC_ATTR_SEC_NONE = 0,
+   TZC_ATTR_SEC_R = 1,
+   TZC_ATTR_SEC_W = 2,
+   TZC_ATTR_SEC_RW  = 3
+};
+
+struct tzc_region {
+   uintptr_t base;
+   uintptr_t top;
+   enum tzc_sec_mode sec_mode;
+   uint16_t nsec_id;
+   uint16_t filters_mask;
+};
+
+int tzc_configure(uintptr_t tzc, const struct tzc_region *cfg);
+int tzc_disable_filters(uintptr_t tzc, uint16_t filters_mask);
+int tzc_enable_filters(uintptr_t tzc, uint16_t filters_mask);
+void tzc_dump_config(uintptr_t tzc);
+
+#endif /* MACH_TZC_H */
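Review bot: The header declares `struct tzc_region` and `tzc_configure()` without stating the contract that tzc400.c relies on: the `cfg` array is walked until an entry with `top == 0`, so callers must supply that terminator and a real region can never have a top of zero. A kernel-doc comment on the struct and on `tzc_configure()` should say this. It should also say that entries are programmed consecutively starting at hardware region 1, with no visible check against the number of regions the controller implements, and that only the low two bits of `filters_mask` reach the attribute register. For the terminator alone, a one-line comment above the struct would do: `/* Array passed to tzc_configure() ends with an entry whose .top is 0 */`.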
diff --git a/arch/arm/mach-stm32mp/tzc400.c b/arch/arm/mach-stm32mp/tzc400.c
new file mode 100644
index 00..cdc4a40eda
--- /dev/null
+++ b/arch/arm/mach-stm32mp/tzc400.c
@@ -0,0 +1,136 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Simple API for configuring TrustZone memory restrictions for TZC400
+ */
+
+#define LOG_CATEGORY LOGC_ARCH
+
+#include 
+#include 
+
+#define TZC_TIMEOUT_US 100
+
+#define TZC_BUILD_CONFIG   0x00
+#define TZC_ACTION 0x04
+#define TZC_ACTION_NONE0
+#define TZC_ACTION_ERR 1
+#define TZC_ACTION_INT 2
+#define TZC_ACTION_INT_ERR 3
+#define TZC_GATE_KEEPER0x08
+
+#define TZC_REGION0_OFFSET 0x100
+#define TZC_REGION_CFG_SIZE0x20
+#define TZC_REGION1_OFFSET 0x120
+#define TZC_REGION_BASE0x00
+#define TZC_REGION_TOP 0x08
+#define TZC_REGION_ATTRIBUTE   0x10
+#define TZC_REGION_ACCESS  0x14
+
+static uint32_t tzc_read(uintptr_t tzc, size_t reg)
+{
+   return readl(tzc + reg);
+}
+
+static void tzc_write(uintptr_t tzc, size_t reg, uint32_t val)
+{
+   writel(val, tzc + reg);
+}
+
+static uint16_t tzc_config_get_active_filters(const struct tzc_region *cfg)
+{
+   uint16_t active_filters = 0;
+
+   for ( ; cfg->top != 0; cfg++)
+   active_filters |= cfg->filters_mask;
+
+   return active_filters;
+}
+
+int tzc_configure(uintptr_t tzc, const struct tzc_region *cfg)
+{
+   uintptr_t region = tzc + TZC_REGION1_OFFSET;
+   uint32_t nsid, attr_reg, active_filters;
+   int ret;
+
+   active_filters = tzc_config_get_active_filters(cfg);
+   if (active_filters == 0)
+   return -EINVAL;
+
+   ret = tzc_disable_filters(tzc, active_filters);
+   if (ret < 0)
+   return ret;
+
+   for ( ; cfg->top != 0; cfg++, region += TZC_REGION_CFG_SIZE) {
+   attr_reg = (cfg->sec_mode & 0x03) << 30;
+   attr_reg |= (cfg->filters_mask & 0x03) << 0;
+   nsid = cfg->nsec_id & 0x;
+   nsid |= nsid << 16;
+
+   tzc_write(region, TZC_REGION_BASE, cfg->base);
+   tzc_write(region, TZC_REGION_TOP, cfg->top);
+   tzc_write(region, TZC_REGION_ACCESS, nsid);
+   tzc_write(region, TZC_REGION_ATTRIBUTE, attr_reg);
+   }
+
+   tzc_write(tzc, TZC_ACTION, TZC_ACTION_ERR);
+   return tzc_enable_filters(tzc, active_filters);
+}
+
+int tzc_disable_filters(uintptr_t tzc, uint16_t filters_mask)
+{
+   uint32_t gate = tzc_r

[PATCH v5 4/5] stm32mp1: spl: Configure TrustZone controller for OP-TEE

2021-07-15 Thread Alexandru Gagniuc
OP-TEE is very particular about how the TZC should be configured.
When booting an OP-TEE payload, an incorrect TZC configuration will
result in a panic.

Most information can be derived from the SPL devicetree. The only
information we don't have is the split between TZDRAM and shared
memory. This has to be hardcoded. The rest of the configuration is
fairly easy, and only requires 3 TZC regions. Configure them.

Signed-off-by: Alexandru Gagniuc 
---
 arch/arm/mach-stm32mp/spl.c | 92 +
 1 file changed, 92 insertions(+)

diff --git a/arch/arm/mach-stm32mp/spl.c b/arch/arm/mach-stm32mp/spl.c
index b53659a698..405eff68a3 100644
--- a/arch/arm/mach-stm32mp/spl.c
+++ b/arch/arm/mach-stm32mp/spl.c
@@ -11,11 +11,13 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
 #include 
 #include 
+#include 
 #include 
 
 u32 spl_boot_device(void)
@@ -92,6 +94,96 @@ __weak int board_early_init_f(void)
return 0;
 }
 
+uint32_t stm32mp_get_dram_size(void)
+{
+   struct ram_info ram;
+   struct udevice *dev;
+   int ret;
+
+   if (uclass_get_device(UCLASS_RAM, 0, ))
+   return 0;
+
+   ret = ram_get_info(dev, );
+   if (ret)
+   return 0;
+
+   return ram.size;
+}
+
+static int optee_get_reserved_memory(uint32_t *start, uint32_t *size)
+{
+   phys_size_t fdt_mem_size;
+   fdt_addr_t fdt_start;
+   ofnode node;
+
+   node = ofnode_path("/reserved-memory/optee");
+   if (!ofnode_valid(node))
+   return 0;
+
+   fdt_start = ofnode_get_addr_size(node, "reg", _mem_size);
+   *start = fdt_start;
+   *size = fdt_mem_size;
+   return (fdt_start < 0) ? fdt_start : 0;
+}
+
+#define CFG_SHMEM_SIZE 0x20
+#define STM32_TZC_NSID_ALL 0x
+#define STM32_TZC_FILTER_ALL   3
+
+void stm32_init_tzc_for_optee(void)
+{
+   const uint32_t dram_size = stm32mp_get_dram_size();
+   const uintptr_t dram_top = STM32_DDR_BASE + (dram_size - 1);
+   uint32_t optee_base, optee_size, tee_shmem_base;
+   const uintptr_t tzc = STM32_TZC_BASE;
+   int ret;
+
+   if (dram_size == 0)
+   panic("Cannot determine DRAM size from devicetree\n");
+
+   ret = optee_get_reserved_memory(_base, _size);
+   if (ret < 0 || optee_size <= CFG_SHMEM_SIZE)
+   panic("Invalid OPTEE reserved memory in devicetree\n");
+
+   tee_shmem_base = optee_base + optee_size - CFG_SHMEM_SIZE;
+
+   const struct tzc_region optee_config[] = {
+   {
+   .base = STM32_DDR_BASE,
+   .top = optee_base - 1,
+   .sec_mode = TZC_ATTR_SEC_NONE,
+   .nsec_id = STM32_TZC_NSID_ALL,
+   .filters_mask = STM32_TZC_FILTER_ALL,
+   }, {
+   .base = optee_base,
+   .top = tee_shmem_base - 1,
+   .sec_mode = TZC_ATTR_SEC_RW,
+   .nsec_id = 0,
+   .filters_mask = STM32_TZC_FILTER_ALL,
+   }, {
+   .base = tee_shmem_base,
+   .top = dram_top,
+   .sec_mode = TZC_ATTR_SEC_NONE,
+   .nsec_id = STM32_TZC_NSID_ALL,
+   .filters_mask = STM32_TZC_FILTER_ALL,
+   }, {
+   .top = 0,
+   }
+   };
+
+   flush_dcache_all();
+
+   tzc_configure(tzc, optee_config);
+   tzc_dump_config(tzc);
+
+   dcache_disable();
+}
+
+void spl_board_prepare_for_optee(void *fdt)
+{
+   stm32_init_tzc_for_optee();
+}
+
 void board_init_f(ulong dummy)
 {
struct udevice *dev;
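Review bot: `optee_get_reserved_memory()` cannot report failure as written, so `stm32_init_tzc_for_optee()` may build TZC regions from garbage: a missing `/reserved-memory/optee` node returns 0 without writing `*start` or `*size`, and `fdt_start < 0` is never true if `fdt_addr_t` is unsigned, as it normally is in U-Boot. The result of `tzc_configure()` is also discarded, so a failure there would let SPL continue to OP-TEE with the filters in whatever state the failed call left them; since the function already panics on bad input, panicking on a non-zero return is consistent. It would also be worth checking that the reserved range lies inside DRAM and above `STM32_DDR_BASE` before computing `optee_base - 1` and `tee_shmem_base`, because the subtraction and the 32-bit sum are unchecked.

```c
static int optee_get_reserved_memory(uint32_t *start, uint32_t *size)
{
	/* … unchanged: locals and ofnode_path() lookup … */
	if (!ofnode_valid(node))
		return -ENOENT;

	fdt_start = ofnode_get_addr_size(node, "reg", &fdt_mem_size);
	if (fdt_start == FDT_ADDR_T_NONE)
		return -EINVAL;

	*start = fdt_start;
	*size = fdt_mem_size;
	return 0;
}

/* … unchanged: stm32_init_tzc_for_optee() up to flush_dcache_all() … */
	ret = tzc_configure(tzc, optee_config);
	if (ret)
		panic("Failed to configure TZC for OP-TEE: %d\n", ret);
	tzc_dump_config(tzc);
```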
-- 
2.31.1



[PATCH v5 2/5] spl: Introduce spl_board_prepare_for_optee() hook

2021-07-15 Thread Alexandru Gagniuc
OP-TEE requires some particular setup, which is not needed for linux
or other payloads. Add a hook for platform-specific code to perform
any OP-TEE related configuration and initialization.

A weak function is used because it is symmetrical to other
spl_board_prepare_for_*() implementations. A solution to avoid the use
of weak functions would trivially apply to all these implementations.
However, re-designing this is beyond the scope of this patch.

Signed-off-by: Alexandru Gagniuc 
Reviewed-by: Tom Rini 
Reviewed-by: Simon Glass 
Reviewed-by: Patrick Delaunay 
---
 common/spl/spl.c |  5 +
 include/spl.h| 14 ++
 2 files changed, 19 insertions(+)

diff --git a/common/spl/spl.c b/common/spl/spl.c
index eba77cace6..2919fa3e92 100644
--- a/common/spl/spl.c
+++ b/common/spl/spl.c
@@ -167,6 +167,10 @@ __weak void spl_board_prepare_for_linux(void)
/* Nothing to do! */
 }
 
+__weak void spl_board_prepare_for_optee(void *fdt)
+{
+}
+
 __weak void spl_board_prepare_for_boot(void)
 {
/* Nothing to do! */
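Review bot: The new weak `spl_board_prepare_for_optee()` has an empty body, while the neighbouring weak hooks `spl_board_prepare_for_linux()` and `spl_board_prepare_for_boot()` both carry `/* Nothing to do! */`. Adding the same comment keeps the default hooks uniform and makes clear that the no-op is intentional.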
@@ -747,6 +751,7 @@ void board_init_r(gd_t *dummy1, ulong dummy2)
 #if CONFIG_IS_ENABLED(OPTEE)
case IH_OS_TEE:
debug("Jumping to U-Boot via OP-TEE\n");
+   spl_board_prepare_for_optee(spl_image.fdt_addr);
spl_optee_entry(NULL, NULL, spl_image.fdt_addr,
(void *)spl_image.entry_point);
break;
diff --git a/include/spl.h b/include/spl.h
index cee9a42ddb..04ab2b6d7d 100644
--- a/include/spl.h
+++ b/include/spl.h
@@ -388,6 +388,20 @@ int spl_parse_image_header(struct spl_image_info 
*spl_image,
   const struct image_header *header);
 
 void spl_board_prepare_for_linux(void);
+
+/**
+ * spl_board_prepare_for_optee() - Prepare board for an OPTEE payload
+ *
+ * Prepares the board for booting an OP-TEE payload. Initialization is platform
+ * specific, and may include configuring the TrustZone memory, and other
+ * initialization steps required by OP-TEE.
+ * Note that @fdt is not used directly by OP-TEE. OP-TEE passes this @fdt to
+ * its normal world target. This target is not guaranteed to be u-boot, so @fdt
+ * changes that would normally be done by u-boot should be done in this step.
+ *
+ * @fdt: Devicetree that will be passed on, or NULL
+ */
+void spl_board_prepare_for_optee(void *fdt);
 void spl_board_prepare_for_boot(void);
 int spl_board_ubi_load_image(u32 boot_device);
 int spl_board_boot_device(u32 boot_device);
-- 
2.31.1



[PATCH v5 1/5] spl: mmc: Support OP-TEE payloads in Falcon mode

2021-07-15 Thread Alexandru Gagniuc
In general, Falcon mode means we're booting a linux kernel directly.
With FIT images, however, an OP-TEE secure kernel can be booted before
linux. Thus, if the next stage is an IH_OS_TEE, this isn't necessarily
a problem.

Of course, a general solution would involve mmc_load_image_raw_os()
only loading the binary, and leaving the decision of suitability to
someone else. However, a rework of the boot flow is beyond the scope
of this patch. Accept IH_OS_TEE as a valid OS value.

Signed-off-by: Alexandru Gagniuc 
Reviewed-by: Tom Rini 
Reviewed-by: Patrick Delaunay 
---
 common/spl/spl_mmc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/common/spl/spl_mmc.c b/common/spl/spl_mmc.c
index add2785b4e..c6bd3dab12 100644
--- a/common/spl/spl_mmc.c
+++ b/common/spl/spl_mmc.c
@@ -230,8 +230,8 @@ static int mmc_load_image_raw_os(struct spl_image_info 
*spl_image,
if (ret)
return ret;
 
-   if (spl_image->os != IH_OS_LINUX) {
-   puts("Expected Linux image is not found. Trying to start 
U-boot\n");
+   if (spl_image->os != IH_OS_LINUX && spl_image->os != IH_OS_TEE) {
+   puts("Expected image is not found. Trying to start U-boot\n");
return -ENOENT;
}
 
-- 
2.31.1



[PATCH v5 0/5] stm32mp: Enable OP-TEE and TZC support in SPL

2021-07-15 Thread Alexandru Gagniuc
The v4 branch was reported to have some issues with SPL becoming too big
on some platforms (e.g. imx6dl_mamoj). This is fixed by dropping the
call to genimg_get_os_name().

Alexandru Gagniuc (5):
  spl: mmc: Support OP-TEE payloads in Falcon mode
  spl: Introduce spl_board_prepare_for_optee() hook
  arm: stm32mp: Implement support for TZC 400 controller
  stm32mp1: spl: Configure TrustZone controller for OP-TEE
  ARM: dts: stm32mp: Add OP-TEE reserved memory to SPL dtb

 arch/arm/dts/stm32mp157a-dk1-u-boot.dtsi |   3 +
 arch/arm/mach-stm32mp/Makefile   |   1 +
 arch/arm/mach-stm32mp/include/mach/tzc.h |  33 ++
 arch/arm/mach-stm32mp/spl.c  |  92 +++
 arch/arm/mach-stm32mp/tzc400.c   | 136 +++
 common/spl/spl.c |   5 +
 common/spl/spl_mmc.c |   4 +-
 include/spl.h|  14 +++
 8 files changed, 286 insertions(+), 2 deletions(-)
 create mode 100644 arch/arm/mach-stm32mp/include/mach/tzc.h
 create mode 100644 arch/arm/mach-stm32mp/tzc400.c

-- 
2.31.1



[PATCH v3 18/19] image: Add support for relocating crypto_algos in linker lists

2021-07-14 Thread Alexandru Gagniuc
Function pointers from crypto_algos array are relocated, when
NEEDS_MANUAL_RELOC is set. This relocation doesn't happen if the algo
is placed in a linker list. Implement this relocation.

Signed-off-by: Alexandru Gagniuc 
Reviewed-by: Simon Glass 
Acked-by: Michal Simek 
---
 common/image-sig.c | 13 +
 1 file changed, 13 insertions(+)

diff --git a/common/image-sig.c b/common/image-sig.c
index d680bf7d98..fb0035524e 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -97,6 +97,19 @@ struct crypto_algo *image_get_crypto_algo(const char 
*full_name)
struct crypto_algo *crypto, *end;
const char *name;
 
+#if defined(CONFIG_NEEDS_MANUAL_RELOC)
+   static bool done;
+
+   if (!done) {
+   crypto = ll_entry_start(struct crypto_algo, cryptos);
+   end = ll_entry_end(struct crypto_algo, cryptos);
+   for (; crypto < end; crypto++) {
+   crypto->name += gd->reloc_off;
+   crypto->verify += gd->reloc_off;
+   }
+   }
+#endif
+
/* Move name to after the comma */
name = strchr(full_name, ',');
if (!name)
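Review bot: The relocation loop added under `CONFIG_NEEDS_MANUAL_RELOC` never sets `done`, so `if (!done)` is true on every call and `gd->reloc_off` is added to each entry's `name` and `verify` again each time `image_get_crypto_algo()` runs. After the first call, the `verify` pointer used for signature checking no longer points at the handler. The array-based code this replaces set the flag first; add `done = true;` as the first statement inside the `if (!done)` block. The function body continues past the end of the hunk.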
-- 
2.31.1



[PATCH v3 19/19] tools: Use a single target-independent config to enable OpenSSL

2021-07-14 Thread Alexandru Gagniuc
Host tool features, such as mkimage's ability to sign FIT images were
enabled or disabled based on the target configuration. However, this
misses the point of a target-agnostic host tool.

A target's ability to verify FIT signatures is independent of
mkimage's ability to create those signatures. In fact, u-boot's build
system doesn't sign images. The target code can be successfully built
without relying on any ability to sign such code.

Conversely, mkimage's ability to sign images does not require that
those images will only work on targets which support FIT verification.
Linking mkimage cryptographic features to target support for FIT
verification is misguided.

Without loss of generality, we can say that host features are and
should be independent of target features.

While we prefer that a host tool always supports the same feature set,
we recognize the following
  - some users prefer to build u-boot without a dependency on OpenSSL.
  - some distros prefer to ship mkimage without linking to OpenSSL

To allow these use cases, introduce a host-only Kconfig which is used
to select or deselect libcrypto support. Some mkimage features or some
host tools might not be available, but this shouldn't affect the
u-boot build.

I also considered setting the default of this config based on
FIT_SIGNATURE. While it would preserve the old behaviour it's also
contrary to the goals of this change. I decided to enable it by
default, so that the default build yields the most feature-complete
mkimage.

Signed-off-by: Alexandru Gagniuc 
---
 tools/Kconfig  | 11 +++
 tools/Makefile | 48 +++-
 2 files changed, 42 insertions(+), 17 deletions(-)

diff --git a/tools/Kconfig b/tools/Kconfig
index b2f5012240..d6f82cd949 100644
--- a/tools/Kconfig
+++ b/tools/Kconfig
@@ -9,4 +9,15 @@ config MKIMAGE_DTC_PATH
  some cases the system dtc may not support all required features
  and the path to a different version should be given here.
 
+config TOOLS_LIBCRYPTO
+   bool "Use OpenSSL's libcrypto library for host tools"
+   default y
+   help
+ Cryptographic signature, verification, and encryption of images is
+ provided by host tools using OpenSSL's libcrypto. Select 'n' here if
+ you wish to build host tools without OpenSSL. mkimage will not have
+ the ability to sign images.
+ This selection does not affect target features, such as runtime FIT
+ signature verification.
+
 endmenu
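Review bot: The help text for `TOOLS_LIBCRYPTO` names only signing as the capability lost with 'n', but the Makefile part of this patch also ties `fit_info`, `fit_check_sign` and `common/image-cipher.o` to the same option. Someone disabling it to drop the OpenSSL dependency should be told that host-side signature checking and image encryption go away as well. Suggested wording for the end of the help text: `mkimage will not be able to sign or encrypt images, and fit_info and fit_check_sign will not be built.`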
diff --git a/tools/Makefile b/tools/Makefile
index 722355e984..bae3f95c49 100644
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -3,6 +3,25 @@
 # (C) Copyright 2000-2006
 # Wolfgang Denk, DENX Software Engineering, w...@denx.de.
 
+# A note on target vs host configuration:
+#
+# Host tools can be used across multiple targets, or different configurations
+# of the same target. Thus, host tools must be able to handle any combination
+# of target configurations. To prevent having different variations of the same
+# tool, the tool build options may not depend on target configuration.
+#
+# Some linux distributions package these utilities as u-boot-tools, and it
+# would be unmaintainable to have a different tool variation for each
+# arch or configuration.
+#
+# A couple of simple rules:
+#
+# 1) Do not use target CONFIG_* options to enable or disable features in host
+#tools. Only use the configs from tools/Kconfig
+# 2) It's okay to use target configs to disable building specific tools.
+#That's as long as the features of those tools aren't modified.
+#
+
 # Enable all the config-independent tools
 ifneq ($(HOST_TOOLS_ALL),)
 CONFIG_ARCH_KIRKWOOD = y
@@ -53,30 +72,30 @@ hostprogs-y += mkenvimage
 mkenvimage-objs := mkenvimage.o os_support.o lib/crc32.o
 
 hostprogs-y += dumpimage mkimage
-hostprogs-$(CONFIG_FIT_SIGNATURE) += fit_info fit_check_sign
+hostprogs-$(CONFIG_TOOLS_LIBCRYPTO) += fit_info fit_check_sign
 
 hostprogs-$(CONFIG_CMD_BOOTEFI_SELFTEST) += file2include
 
-FIT_OBJS-$(CONFIG_FIT) := fit_common.o fit_image.o image-host.o 
common/image-fit.o
-FIT_SIG_OBJS-$(CONFIG_FIT_SIGNATURE) := image-sig-host.o common/image-fit-sig.o
-FIT_CIPHER_OBJS-$(CONFIG_FIT_CIPHER) := common/image-cipher.o
+FIT_OBJS-y := fit_common.o fit_image.o image-host.o common/image-fit.o
+FIT_SIG_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := image-sig-host.o 
common/image-fit-sig.o
+FIT_CIPHER_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := common/image-cipher.o
 
 # The following files are synced with upstream DTC.
 # Use synced versions from scripts/dtc/libfdt/.
 LIBFDT_OBJS := $(addprefix libfdt/, fdt.o fdt_ro.o fdt_wip.o fdt_sw.o fdt_rw.o 
\
fdt_strerror.o fdt_empty_tree.o fdt_addresses.o fdt_overlay.o)
 
-RSA_OBJS-$(CONFIG_FIT_SIGNATURE) := $(addprefix lib/rsa/, \
+RSA_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/rsa/, \
rsa-sign.o rsa-verify.o \
rsa

[PATCH v3 16/19] image: Eliminate IMAGE_ENABLE_VERIFY macro

2021-07-14 Thread Alexandru Gagniuc
This macro is no longer needed for code flow or #ifdefs. Remove it.

Signed-off-by: Alexandru Gagniuc 
Reviewed-by: Simon Glass 
---
 include/image.h | 5 +
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/include/image.h b/include/image.h
index d4c453428c..64663c591b 100644
--- a/include/image.h
+++ b/include/image.h
@@ -1196,19 +1196,16 @@ int calculate_hash(const void *data, int data_len, 
const char *algo,
 #if defined(USE_HOSTCC)
 # if defined(CONFIG_FIT_SIGNATURE)
 #  define IMAGE_ENABLE_SIGN1
-#  define IMAGE_ENABLE_VERIFY  1
 #  define IMAGE_ENABLE_VERIFY_ECDSA1
 #  define FIT_IMAGE_ENABLE_VERIFY  1
 #  include 
 # else
 #  define IMAGE_ENABLE_SIGN0
-#  define IMAGE_ENABLE_VERIFY  0
 # define IMAGE_ENABLE_VERIFY_ECDSA 0
 #  define FIT_IMAGE_ENABLE_VERIFY  0
 # endif
 #else
 # define IMAGE_ENABLE_SIGN 0
-# define IMAGE_ENABLE_VERIFY   CONFIG_IS_ENABLED(RSA_VERIFY)
 # define IMAGE_ENABLE_VERIFY_ECDSA 0
 # define FIT_IMAGE_ENABLE_VERIFY   CONFIG_IS_ENABLED(FIT_SIGNATURE)
 #endif
@@ -1260,7 +1257,7 @@ struct image_region {
int size;
 };
 
-#if IMAGE_ENABLE_VERIFY
+#if FIT_IMAGE_ENABLE_VERIFY
 # include 
 #endif
 struct checksum_algo {
-- 
2.31.1



[PATCH v3 17/19] image: Eliminate IMAGE_ENABLE_VERIFY_ECDSA macro

2021-07-14 Thread Alexandru Gagniuc
This macro is no longer needed for code flow or #ifdefs. Remove it.

Signed-off-by: Alexandru Gagniuc 
Reviewed-by: Simon Glass 
---
 include/image.h | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/include/image.h b/include/image.h
index 64663c591b..e20f0b69d5 100644
--- a/include/image.h
+++ b/include/image.h
@@ -1196,17 +1196,14 @@ int calculate_hash(const void *data, int data_len, 
const char *algo,
 #if defined(USE_HOSTCC)
 # if defined(CONFIG_FIT_SIGNATURE)
 #  define IMAGE_ENABLE_SIGN1
-#  define IMAGE_ENABLE_VERIFY_ECDSA1
 #  define FIT_IMAGE_ENABLE_VERIFY  1
 #  include 
 # else
 #  define IMAGE_ENABLE_SIGN0
-# define IMAGE_ENABLE_VERIFY_ECDSA 0
 #  define FIT_IMAGE_ENABLE_VERIFY  0
 # endif
 #else
 # define IMAGE_ENABLE_SIGN 0
-# define IMAGE_ENABLE_VERIFY_ECDSA 0
 # define FIT_IMAGE_ENABLE_VERIFY   CONFIG_IS_ENABLED(FIT_SIGNATURE)
 #endif
 
-- 
2.31.1



[PATCH v3 15/19] lib: rsa: Remove #ifdefs from rsa.h

2021-07-14 Thread Alexandru Gagniuc
It is no longer necessary to implement rsa_() functions as no-ops
depending on config options. It is merely sufficient to provide the
prototypes, as the rsa code is no longer linked when unused.

Signed-off-by: Alexandru Gagniuc 
Reviewed-by: Simon Glass 
---
 include/u-boot/rsa.h | 47 
 1 file changed, 47 deletions(-)

diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h
index bc564d56fa..89a9c4caa0 100644
--- a/include/u-boot/rsa.h
+++ b/include/u-boot/rsa.h
@@ -31,7 +31,6 @@ struct rsa_public_key {
 
 struct image_sign_info;
 
-#if IMAGE_ENABLE_SIGN
 /**
  * sign() - calculate and return signature for given input data
  *
@@ -66,22 +65,7 @@ int rsa_sign(struct image_sign_info *info,
other -ve value on error
 */
 int rsa_add_verify_data(struct image_sign_info *info, void *keydest);
-#else
-static inline int rsa_sign(struct image_sign_info *info,
-   const struct image_region region[], int region_count,
-   uint8_t **sigp, uint *sig_len)
-{
-   return -ENXIO;
-}
-
-static inline int rsa_add_verify_data(struct image_sign_info *info,
- void *keydest)
-{
-   return -ENXIO;
-}
-#endif
 
-#if IMAGE_ENABLE_VERIFY
 /**
  * rsa_verify_hash() - Verify a signature against a hash
  *
@@ -124,37 +108,6 @@ int padding_pss_verify(struct image_sign_info *info,
   uint8_t *msg, int msg_len,
   const uint8_t *hash, int hash_len);
 #endif /* CONFIG_FIT_RSASSA_PSS */
-#else
-static inline int rsa_verify_hash(struct image_sign_info *info,
- const uint8_t *hash,
- uint8_t *sig, uint sig_len)
-{
-   return -ENXIO;
-}
-
-static inline int rsa_verify(struct image_sign_info *info,
-   const struct image_region region[], int region_count,
-   uint8_t *sig, uint sig_len)
-{
-   return -ENXIO;
-}
-
-static inline int padding_pkcs_15_verify(struct image_sign_info *info,
-uint8_t *msg, int msg_len,
-const uint8_t *hash, int hash_len)
-{
-   return -ENXIO;
-}
-
-#ifdef CONFIG_FIT_RSASSA_PSS
-static inline int padding_pss_verify(struct image_sign_info *info,
-uint8_t *msg, int msg_len,
-const uint8_t *hash, int hash_len)
-{
-   return -ENXIO;
-}
-#endif /* CONFIG_FIT_RSASSA_PSS */
-#endif
 
 #define RSA_DEFAULT_PADDING_NAME   "pkcs-1.5"
 
-- 
2.31.1



[PATCH v3 13/19] image: image-sig.c: Remove crypto_algos array

2021-07-14 Thread Alexandru Gagniuc
Cryptographic algorithms (currently RSA) are stored in linker lists.
The crypto_algos array is unused, so remove it, and any logic
associated with it.

Signed-off-by: Alexandru Gagniuc 
Reviewed-by: Simon Glass 
---
 common/image-sig.c | 22 --
 1 file changed, 22 deletions(-)

diff --git a/common/image-sig.c b/common/image-sig.c
index d996b7ba50..d680bf7d98 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -51,10 +51,6 @@ struct checksum_algo checksum_algos[] = {
 
 };
 
-struct crypto_algo crypto_algos[] = {
-   {
-};
-
 struct padding_algo padding_algos[] = {
{
.name = "pkcs-1.5",
@@ -99,32 +95,14 @@ struct checksum_algo *image_get_checksum_algo(const char 
*full_name)
 struct crypto_algo *image_get_crypto_algo(const char *full_name)
 {
struct crypto_algo *crypto, *end;
-   int i;
const char *name;
 
-#if defined(CONFIG_NEEDS_MANUAL_RELOC)
-   static bool done;
-
-   if (!done) {
-   done = true;
-   for (i = 0; i < ARRAY_SIZE(crypto_algos); i++) {
-   crypto_algos[i].name += gd->reloc_off;
-   crypto_algos[i].verify += gd->reloc_off;
-   }
-   }
-#endif
-
/* Move name to after the comma */
name = strchr(full_name, ',');
if (!name)
return NULL;
name += 1;
 
-   for (i = 0; i < ARRAY_SIZE(crypto_algos); i++) {
-   if (!strcmp(crypto_algos[i].name, name))
-   return _algos[i];
-   }
-
crypto = ll_entry_start(struct crypto_algo, cryptos);
end = ll_entry_end(struct crypto_algo, cryptos);
for (; crypto < end; crypto++) {
-- 
2.31.1



[PATCH v3 09/19] common: Move host-only logic in image-sig.c to separate file

2021-07-14 Thread Alexandru Gagniuc
image-sig.c is used to map a hash or crypto algorithm name to a
handler of that algorithm. There is some similarity between the host
and target variants, with the differences worked out by #ifdefs. The
purpose of this change is to remove those ifdefs.

First, copy the file to a host-only version, and remove target
specific code. Although it looks like we are duplicating code,
subsequent patches will change the way target algorithms are searched.
Besides, we are only duplicating three string-to-struct mapping
functions. This isn't something to fuss about.

Signed-off-by: Alexandru Gagniuc 
Reviewed-by: Simon Glass 
---
 tools/Makefile |   2 +-
 tools/image-sig-host.c | 133 +
 2 files changed, 134 insertions(+), 1 deletion(-)
 create mode 100644 tools/image-sig-host.c

diff --git a/tools/Makefile b/tools/Makefile
index d020c55d66..722355e984 100644
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -58,7 +58,7 @@ hostprogs-$(CONFIG_FIT_SIGNATURE) += fit_info fit_check_sign
 hostprogs-$(CONFIG_CMD_BOOTEFI_SELFTEST) += file2include
 
 FIT_OBJS-$(CONFIG_FIT) := fit_common.o fit_image.o image-host.o 
common/image-fit.o
-FIT_SIG_OBJS-$(CONFIG_FIT_SIGNATURE) := common/image-sig.o 
common/image-fit-sig.o
+FIT_SIG_OBJS-$(CONFIG_FIT_SIGNATURE) := image-sig-host.o common/image-fit-sig.o
 FIT_CIPHER_OBJS-$(CONFIG_FIT_CIPHER) := common/image-cipher.o
 
 # The following files are synced with upstream DTC.
diff --git a/tools/image-sig-host.c b/tools/image-sig-host.c
new file mode 100644
index 00..8ed6998dab
--- /dev/null
+++ b/tools/image-sig-host.c
@@ -0,0 +1,133 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (c) 2013, Google Inc.
+ */
+
+#include "mkimage.h"
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+struct checksum_algo checksum_algos[] = {
+   {
+   .name = "sha1",
+   .checksum_len = SHA1_SUM_LEN,
+   .der_len = SHA1_DER_LEN,
+   .der_prefix = sha1_der_prefix,
+   .calculate_sign = EVP_sha1,
+   .calculate = hash_calculate,
+   },
+   {
+   .name = "sha256",
+   .checksum_len = SHA256_SUM_LEN,
+   .der_len = SHA256_DER_LEN,
+   .der_prefix = sha256_der_prefix,
+   .calculate_sign = EVP_sha256,
+   .calculate = hash_calculate,
+   },
+   {
+   .name = "sha384",
+   .checksum_len = SHA384_SUM_LEN,
+   .der_len = SHA384_DER_LEN,
+   .der_prefix = sha384_der_prefix,
+   .calculate_sign = EVP_sha384,
+   .calculate = hash_calculate,
+   },
+   {
+   .name = "sha512",
+   .checksum_len = SHA512_SUM_LEN,
+   .der_len = SHA512_DER_LEN,
+   .der_prefix = sha512_der_prefix,
+   .calculate_sign = EVP_sha512,
+   .calculate = hash_calculate,
+   },
+};
+
+struct crypto_algo crypto_algos[] = {
+   {
+   .name = "rsa2048",
+   .key_len = RSA2048_BYTES,
+   .sign = rsa_sign,
+   .add_verify_data = rsa_add_verify_data,
+   .verify = rsa_verify,
+   },
+   {
+   .name = "rsa4096",
+   .key_len = RSA4096_BYTES,
+   .sign = rsa_sign,
+   .add_verify_data = rsa_add_verify_data,
+   .verify = rsa_verify,
+   },
+   {
+   .name = "ecdsa256",
+   .key_len = ECDSA256_BYTES,
+   .sign = ecdsa_sign,
+   .add_verify_data = ecdsa_add_verify_data,
+   .verify = ecdsa_verify,
+   },
+};
+
+struct padding_algo padding_algos[] = {
+   {
+   .name = "pkcs-1.5",
+   .verify = padding_pkcs_15_verify,
+   },
+   {
+   .name = "pss",
+   .verify = padding_pss_verify,
+   }
+};
+
+struct checksum_algo *image_get_checksum_algo(const char *full_name)
+{
+   int i;
+   const char *name;
+
+   for (i = 0; i < ARRAY_SIZE(checksum_algos); i++) {
+   name = checksum_algos[i].name;
+   /* Make sure names match and next char is a comma */
+   if (!strncmp(name, full_name, strlen(name)) &&
+   full_name[strlen(name)] == ',')
+   return _algos[i];
+   }
+
+   return NULL;
+}
+
+struct crypto_algo *image_get_crypto_algo(const char *full_name)
+{
+   int i;
+   const char *name;
+
+   /* Move name to after the comma */
+   name = strchr(full_name, ',');
+   if (!name)
+   return NULL;
+   name += 1;
+
+   for (i = 0; i < ARRAY_SIZE(crypto_algos); i++) {
+   if (!strcmp(crypto_algos[i].name, name))
+   return _algos[i];
+

[PATCH v3 14/19] lib: ecdsa: Remove #ifdefs from ecdsa.h

2021-07-14 Thread Alexandru Gagniuc
It is no longer necessary to implement ecdsa_() functions as no-ops
depending on config options. It is merely sufficient to provide the
prototypes, as the ecdsa code is no longer linked when unused.

Signed-off-by: Alexandru Gagniuc 
Reviewed-by: Simon Glass 
---
 include/u-boot/ecdsa.h | 25 -
 1 file changed, 25 deletions(-)

diff --git a/include/u-boot/ecdsa.h b/include/u-boot/ecdsa.h
index 979690d966..f6951c7346 100644
--- a/include/u-boot/ecdsa.h
+++ b/include/u-boot/ecdsa.h
@@ -15,7 +15,6 @@
  * @see "struct crypto_algo"
  * @{
  */
-#if IMAGE_ENABLE_SIGN
 /**
  * sign() - calculate and return signature for given input data
  *
@@ -49,22 +48,7 @@ int ecdsa_sign(struct image_sign_info *info, const struct 
image_region region[],
  * other -ve value on error
  */
 int ecdsa_add_verify_data(struct image_sign_info *info, void *keydest);
-#else
-static inline
-int ecdsa_sign(struct image_sign_info *info, const struct image_region 
region[],
-  int region_count, uint8_t **sigp, uint *sig_len)
-{
-   return -ENXIO;
-}
-
-static inline
-int ecdsa_add_verify_data(struct image_sign_info *info, void *keydest)
-{
-   return -ENXIO;
-}
-#endif
 
-#if IMAGE_ENABLE_VERIFY_ECDSA
 /**
  * verify() - Verify a signature against some data
  *
@@ -78,15 +62,6 @@ int ecdsa_add_verify_data(struct image_sign_info *info, void 
*keydest)
 int ecdsa_verify(struct image_sign_info *info,
 const struct image_region region[], int region_count,
 uint8_t *sig, uint sig_len);
-#else
-static inline
-int ecdsa_verify(struct image_sign_info *info,
-const struct image_region region[], int region_count,
-uint8_t *sig, uint sig_len)
-{
-   return -ENXIO;
-}
-#endif
 /** @} */
 
 #define ECDSA256_BYTES (256 / 8)
-- 
2.31.1



[PATCH v3 11/19] image: Add support for placing crypto_algo in linker lists

2021-07-14 Thread Alexandru Gagniuc
The purpose of this change is to enable crypto algorithms to be placed
in linker lists, rather than be declared as a static array. The goal
is to remove the crypto_algos array in a subsequent patch.

Create a new linker list named "cryptos", and search it when
image_get_crypto_algo() is invoked.

NOTE that adding support for manual relocation of crypto_algos within
linker lists is beyond the scope of this patch.

Signed-off-by: Alexandru Gagniuc 
Reviewed-by: Simon Glass 
---
 common/image-sig.c | 9 +
 include/image.h| 5 +
 2 files changed, 14 insertions(+)

diff --git a/common/image-sig.c b/common/image-sig.c
index 5e2d171975..81a3b739fe 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -107,6 +107,7 @@ struct checksum_algo *image_get_checksum_algo(const char 
*full_name)
 
 struct crypto_algo *image_get_crypto_algo(const char *full_name)
 {
+   struct crypto_algo *crypto, *end;
int i;
const char *name;
 
@@ -133,6 +134,14 @@ struct crypto_algo *image_get_crypto_algo(const char 
*full_name)
return _algos[i];
}
 
+   crypto = ll_entry_start(struct crypto_algo, cryptos);
+   end = ll_entry_end(struct crypto_algo, cryptos);
+   for (; crypto < end; crypto++) {
+   if (!strcmp(crypto->name, name))
+   return crypto;
+   }
+
+   /* Not found */
return NULL;
 }
 
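Review bot: The added loop over the `cryptos` linker list has no comment telling the reader that these entries are searched only after the static array and are not adjusted for CONFIG_NEEDS_MANUAL_RELOC; the commit message says relocation is out of scope, but that caveat will not survive in the source. Because `crypto->name` and the entry's `verify` pointer are used as linked, a board that needs manual relocation would presumably compare against, or call through, a stale address once an algorithm lives only in the list. I would put `/* Linker-list entries are searched last and are not yet fixed up for CONFIG_NEEDS_MANUAL_RELOC */` above the `ll_entry_start()` line. It is also worth stating in the function comment that any object declaring a `U_BOOT_CRYPTO_ALGO` entry extends the set of algorithm names this lookup accepts. The start of image_get_crypto_algo() is outside this hunk.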
diff --git a/include/image.h b/include/image.h
index 8b420f2c02..d4c453428c 100644
--- a/include/image.h
+++ b/include/image.h
@@ -47,6 +47,7 @@ struct fdt_region;
 #include 
 #include 
 #include 
+#include 
 
 /* Take notice of the 'ignore' property for hashes */
 #define IMAGE_ENABLE_IGNORE1
@@ -1328,6 +1329,10 @@ struct crypto_algo {
  uint8_t *sig, uint sig_len);
 };
 
+/* Declare a new U-Boot crypto algorithm handler */
+#define U_BOOT_CRYPTO_ALGO(__name) 
\
+ll_entry_declare(struct crypto_algo, __name, cryptos)
+
 struct padding_algo {
const char *name;
int (*verify)(struct image_sign_info *info,
-- 
2.31.1



[PATCH v3 06/19] image: Drop IMAGE_ENABLE_SHA1

2021-07-14 Thread Alexandru Gagniuc
From: Simon Glass 

We already have a host Kconfig for SHA1. Use CONFIG_IS_ENABLED(SHA1)
directly in the code shared with the host build, so we can drop the
unnecessary indirection.

Signed-off-by: Simon Glass 
Reviewed-by: Alexandru Gagniuc 
Signed-off-by: Alexandru Gagniuc 
---
 common/image-fit.c | 2 +-
 include/image.h| 8 
 2 files changed, 1 insertion(+), 9 deletions(-)

diff --git a/common/image-fit.c b/common/image-fit.c
index 0c5a05948d..085bdf76d2 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -1218,7 +1218,7 @@ int calculate_hash(const void *data, int data_len, const 
char *algo,
CHUNKSZ_CRC32);
*((uint32_t *)value) = cpu_to_uimage(*((uint32_t *)value));
*value_len = 4;
-   } else if (IMAGE_ENABLE_SHA1 && strcmp(algo, "sha1") == 0) {
+   } else if (CONFIG_IS_ENABLED(SHA1) && strcmp(algo, "sha1") == 0) {
sha1_csum_wd((unsigned char *)data, data_len,
 (unsigned char *)value, CHUNKSZ_SHA1);
*value_len = 20;
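Review bot: `CONFIG_IS_ENABLED(SHA1)` in the `sha1` branch of calculate_hash() tests the SPL-prefixed symbol in an SPL build, while the macro it replaces was keyed on CONFIG_SPL_FIT_SHA1, and the Kconfig shown elsewhere in this series has SPL_FIT_SHA1 doing `select SHA1`, not selecting an SPL-prefixed option. If no CONFIG_SPL_SHA1 exists at this point in the series, the branch is compiled out in SPL and "sha1" hash nodes are treated as an unsupported algorithm; how the caller reacts is outside the hunk and should be confirmed to reject the image. The same question applies to the SHA256/384/512 branches changed in the later "Drop IMAGE_ENABLE_SHAxxx" patch, where the old macro was also true when only CONFIG_FIT_SHAxxx was set. At minimum I would add `/* CONFIG_IS_ENABLED() tests the SPL_/TPL_ variant of each option in those builds */` above the chain so the changed gating is visible.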
diff --git a/include/image.h b/include/image.h
index 124448f9e4..bca9033e7f 100644
--- a/include/image.h
+++ b/include/image.h
@@ -68,13 +68,9 @@ struct fdt_region;
 #  ifdef CONFIG_SPL_MD5
 #   define IMAGE_ENABLE_MD51
 #  endif
-#  ifdef CONFIG_SPL_FIT_SHA1
-#   define IMAGE_ENABLE_SHA1   1
-#  endif
 # else
 #  define IMAGE_ENABLE_CRC32   1
 #  define IMAGE_ENABLE_MD5 1
-#  define IMAGE_ENABLE_SHA11
 # endif
 
 #ifndef IMAGE_ENABLE_CRC32
@@ -85,10 +81,6 @@ struct fdt_region;
 #define IMAGE_ENABLE_MD5   0
 #endif
 
-#ifndef IMAGE_ENABLE_SHA1
-#define IMAGE_ENABLE_SHA1  0
-#endif
-
 #if defined(CONFIG_FIT_SHA256) || \
defined(CONFIG_SPL_FIT_SHA256)
 #define IMAGE_ENABLE_SHA2561
-- 
2.31.1



[PATCH v3 03/19] image: Rename CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT

2021-07-14 Thread Alexandru Gagniuc
From: Simon Glass 

Drop the ENABLE and SUPPORT parts of this, which are redundant.

Signed-off-by: Simon Glass 
Reviewed-by: Alexandru Gagniuc 
Signed-off-by: Alexandru Gagniuc 
---
 common/Kconfig.boot | 2 +-
 common/image-sig.c  | 4 ++--
 configs/bcm963158_ram_defconfig | 2 +-
 configs/sandbox_defconfig   | 2 +-
 include/image.h | 2 +-
 include/u-boot/rsa.h| 8 
 lib/rsa/rsa-sign.c  | 4 ++--
 lib/rsa/rsa-verify.c| 2 +-
 8 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index d28ce96a28..ae3f2b6f62 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -103,7 +103,7 @@ config FIT_SIGNATURE_MAX_SIZE
  device memory. Assure this size does not extend past expected storage
  space.
 
-config FIT_ENABLE_RSASSA_PSS_SUPPORT
+config FIT_RSASSA_PSS
bool "Support rsassa-pss signature scheme of FIT image contents"
depends on FIT_SIGNATURE
default n
diff --git a/common/image-sig.c b/common/image-sig.c
index 0f8e592aba..8b5cecbfa4 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -99,12 +99,12 @@ struct padding_algo padding_algos[] = {
.name = "pkcs-1.5",
.verify = padding_pkcs_15_verify,
},
-#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
+#ifdef CONFIG_FIT_RSASSA_PSS
{
.name = "pss",
.verify = padding_pss_verify,
}
-#endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */
+#endif /* CONFIG_FIT_RSASSA_PSS */
 };
 
 struct checksum_algo *image_get_checksum_algo(const char *full_name)
diff --git a/configs/bcm963158_ram_defconfig b/configs/bcm963158_ram_defconfig
index 4eb3986c61..f7f1b35389 100644
--- a/configs/bcm963158_ram_defconfig
+++ b/configs/bcm963158_ram_defconfig
@@ -11,7 +11,7 @@ CONFIG_TARGET_BCM963158=y
 CONFIG_ENV_VARS_UBOOT_CONFIG=y
 CONFIG_FIT=y
 CONFIG_FIT_SIGNATURE=y
-CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT=y
+CONFIG_FIT_RSASSA_PSS=y
 CONFIG_FIT_VERBOSE=y
 CONFIG_LEGACY_IMAGE_FORMAT=y
 CONFIG_SUPPORT_RAW_INITRD=y
diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
index fc687e3c52..1655bb1e8a 100644
--- a/configs/sandbox_defconfig
+++ b/configs/sandbox_defconfig
@@ -10,7 +10,7 @@ CONFIG_DEBUG_UART=y
 CONFIG_DISTRO_DEFAULTS=y
 CONFIG_FIT=y
 CONFIG_FIT_SIGNATURE=y
-CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT=y
+CONFIG_FIT_RSASSA_PSS=y
 CONFIG_FIT_CIPHER=y
 CONFIG_FIT_VERBOSE=y
 CONFIG_BOOTSTAGE=y
diff --git a/include/image.h b/include/image.h
index bf92f6235d..b242007b9c 100644
--- a/include/image.h
+++ b/include/image.h
@@ -30,7 +30,7 @@ struct fdt_region;
 #define IMAGE_ENABLE_FIT   1
 #define IMAGE_ENABLE_OF_LIBFDT 1
 #define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */
-#define CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT 1
+#define CONFIG_FIT_RSASSA_PSS 1
 #define CONFIG_FIT_SHA256
 #define CONFIG_FIT_SHA384
 #define CONFIG_FIT_SHA512
diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h
index bed1c097c2..bc564d56fa 100644
--- a/include/u-boot/rsa.h
+++ b/include/u-boot/rsa.h
@@ -119,11 +119,11 @@ int padding_pkcs_15_verify(struct image_sign_info *info,
   uint8_t *msg, int msg_len,
   const uint8_t *hash, int hash_len);
 
-#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
+#ifdef CONFIG_FIT_RSASSA_PSS
 int padding_pss_verify(struct image_sign_info *info,
   uint8_t *msg, int msg_len,
   const uint8_t *hash, int hash_len);
-#endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */
+#endif /* CONFIG_FIT_RSASSA_PSS */
 #else
 static inline int rsa_verify_hash(struct image_sign_info *info,
  const uint8_t *hash,
@@ -146,14 +146,14 @@ static inline int padding_pkcs_15_verify(struct 
image_sign_info *info,
return -ENXIO;
 }
 
-#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
+#ifdef CONFIG_FIT_RSASSA_PSS
 static inline int padding_pss_verify(struct image_sign_info *info,
 uint8_t *msg, int msg_len,
 const uint8_t *hash, int hash_len)
 {
return -ENXIO;
 }
-#endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */
+#endif /* CONFIG_FIT_RSASSA_PSS */
 #endif
 
 #define RSA_DEFAULT_PADDING_NAME   "pkcs-1.5"
diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index 5a1583b8f7..f4ed11e74a 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -442,7 +442,7 @@ static int rsa_sign_with_key(EVP_PKEY *pkey, struct 
padding_algo *padding_algo,
goto err_sign;
}
 
-#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
+#ifdef CONFIG_FIT_RSASSA_PSS
if (padding_algo && !strcmp(padding_algo->name, "pss")) {
if (EVP_PKEY_CTX_set_rsa_padding(ckey,
 RSA_PKCS1_PSS_PADDING) <= 0) {

[PATCH v3 10/19] common: image-sig.c: Remove host-specific logic and #ifdefs

2021-07-14 Thread Alexandru Gagniuc
Remove any ifdefs in image-sig.c that were previously used to
differentiate from the host code. Note that all code dedicated to
relocating ->sign() and ->add_verify_data() can be safely removed,
as signing is not supported target-side.

NOTE that although it appears we are removing ecdsa256 support, this
is intentional. ecdsa_verify() is a no-op on the target, and is
currently only used by host code.

Signed-off-by: Alexandru Gagniuc 
Reviewed-by: Simon Glass 
---
 common/image-sig.c | 39 ++-
 1 file changed, 2 insertions(+), 37 deletions(-)

diff --git a/common/image-sig.c b/common/image-sig.c
index 8b5cecbfa4..5e2d171975 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -3,18 +3,11 @@
  * Copyright (c) 2013, Google Inc.
  */
 
-#ifdef USE_HOSTCC
-#include "mkimage.h"
-#include 
-#include 
-#include 
-#else
 #include 
 #include 
 #include 
 #include 
 DECLARE_GLOBAL_DATA_PTR;
-#endif /* !USE_HOSTCC*/
 #include 
 #include 
 #include 
@@ -28,9 +21,6 @@ struct checksum_algo checksum_algos[] = {
.checksum_len = SHA1_SUM_LEN,
.der_len = SHA1_DER_LEN,
.der_prefix = sha1_der_prefix,
-#if IMAGE_ENABLE_SIGN
-   .calculate_sign = EVP_sha1,
-#endif
.calculate = hash_calculate,
},
{
@@ -38,9 +28,6 @@ struct checksum_algo checksum_algos[] = {
.checksum_len = SHA256_SUM_LEN,
.der_len = SHA256_DER_LEN,
.der_prefix = sha256_der_prefix,
-#if IMAGE_ENABLE_SIGN
-   .calculate_sign = EVP_sha256,
-#endif
.calculate = hash_calculate,
},
 #ifdef CONFIG_SHA384
@@ -49,9 +36,6 @@ struct checksum_algo checksum_algos[] = {
.checksum_len = SHA384_SUM_LEN,
.der_len = SHA384_DER_LEN,
.der_prefix = sha384_der_prefix,
-#if IMAGE_ENABLE_SIGN
-   .calculate_sign = EVP_sha384,
-#endif
.calculate = hash_calculate,
},
 #endif
@@ -61,9 +45,6 @@ struct checksum_algo checksum_algos[] = {
.checksum_len = SHA512_SUM_LEN,
.der_len = SHA512_DER_LEN,
.der_prefix = sha512_der_prefix,
-#if IMAGE_ENABLE_SIGN
-   .calculate_sign = EVP_sha512,
-#endif
.calculate = hash_calculate,
},
 #endif
@@ -74,24 +55,13 @@ struct crypto_algo crypto_algos[] = {
{
.name = "rsa2048",
.key_len = RSA2048_BYTES,
-   .sign = rsa_sign,
-   .add_verify_data = rsa_add_verify_data,
.verify = rsa_verify,
},
{
.name = "rsa4096",
.key_len = RSA4096_BYTES,
-   .sign = rsa_sign,
-   .add_verify_data = rsa_add_verify_data,
.verify = rsa_verify,
},
-   {
-   .name = "ecdsa256",
-   .key_len = ECDSA256_BYTES,
-   .sign = ecdsa_sign,
-   .add_verify_data = ecdsa_add_verify_data,
-   .verify = ecdsa_verify,
-   },
 };
 
 struct padding_algo padding_algos[] = {
@@ -112,16 +82,13 @@ struct checksum_algo *image_get_checksum_algo(const char 
*full_name)
int i;
const char *name;
 
-#if !defined(USE_HOSTCC) && defined(CONFIG_NEEDS_MANUAL_RELOC)
+#if defined(CONFIG_NEEDS_MANUAL_RELOC)
static bool done;
 
if (!done) {
done = true;
for (i = 0; i < ARRAY_SIZE(checksum_algos); i++) {
checksum_algos[i].name += gd->reloc_off;
-#if IMAGE_ENABLE_SIGN
-   checksum_algos[i].calculate_sign += gd->reloc_off;
-#endif
checksum_algos[i].calculate += gd->reloc_off;
}
}
@@ -143,15 +110,13 @@ struct crypto_algo *image_get_crypto_algo(const char 
*full_name)
int i;
const char *name;
 
-#if !defined(USE_HOSTCC) && defined(CONFIG_NEEDS_MANUAL_RELOC)
+#if defined(CONFIG_NEEDS_MANUAL_RELOC)
static bool done;
 
if (!done) {
done = true;
for (i = 0; i < ARRAY_SIZE(crypto_algos); i++) {
crypto_algos[i].name += gd->reloc_off;
-   crypto_algos[i].sign += gd->reloc_off;
-   crypto_algos[i].add_verify_data += gd->reloc_off;
crypto_algos[i].verify += gd->reloc_off;
}
}
-- 
2.31.1



[PATCH v3 07/19] image: Drop IMAGE_ENABLE_SHAxxx

2021-07-14 Thread Alexandru Gagniuc
From: Simon Glass 

We already have a host Kconfig for these SHA options. Use
CONFIG_IS_ENABLED(SHAxxx) directly in the code shared with the host build,
so we can drop the unnecessary indirections.

Signed-off-by: Simon Glass 
Reviewed-by: Alexandru Gagniuc 
Signed-off-by: Alexandru Gagniuc 
---
 common/image-fit.c |  6 +++---
 include/image.h| 21 -
 2 files changed, 3 insertions(+), 24 deletions(-)

diff --git a/common/image-fit.c b/common/image-fit.c
index 085bdf76d2..b7e1d33340 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -1222,15 +1222,15 @@ int calculate_hash(const void *data, int data_len, 
const char *algo,
sha1_csum_wd((unsigned char *)data, data_len,
 (unsigned char *)value, CHUNKSZ_SHA1);
*value_len = 20;
-   } else if (IMAGE_ENABLE_SHA256 && strcmp(algo, "sha256") == 0) {
+   } else if (CONFIG_IS_ENABLED(SHA256) && strcmp(algo, "sha256") == 0) {
sha256_csum_wd((unsigned char *)data, data_len,
   (unsigned char *)value, CHUNKSZ_SHA256);
*value_len = SHA256_SUM_LEN;
-   } else if (IMAGE_ENABLE_SHA384 && strcmp(algo, "sha384") == 0) {
+   } else if (CONFIG_IS_ENABLED(SHA384) && strcmp(algo, "sha384") == 0) {
sha384_csum_wd((unsigned char *)data, data_len,
   (unsigned char *)value, CHUNKSZ_SHA384);
*value_len = SHA384_SUM_LEN;
-   } else if (IMAGE_ENABLE_SHA512 && strcmp(algo, "sha512") == 0) {
+   } else if (CONFIG_IS_ENABLED(SHA512) && strcmp(algo, "sha512") == 0) {
sha512_csum_wd((unsigned char *)data, data_len,
   (unsigned char *)value, CHUNKSZ_SHA512);
*value_len = SHA512_SUM_LEN;
diff --git a/include/image.h b/include/image.h
index bca9033e7f..dbb9bd0174 100644
--- a/include/image.h
+++ b/include/image.h
@@ -81,27 +81,6 @@ struct fdt_region;
 #define IMAGE_ENABLE_MD5   0
 #endif
 
-#if defined(CONFIG_FIT_SHA256) || \
-   defined(CONFIG_SPL_FIT_SHA256)
-#define IMAGE_ENABLE_SHA2561
-#else
-#define IMAGE_ENABLE_SHA2560
-#endif
-
-#if defined(CONFIG_FIT_SHA384) || \
-   defined(CONFIG_SPL_FIT_SHA384)
-#define IMAGE_ENABLE_SHA3841
-#else
-#define IMAGE_ENABLE_SHA3840
-#endif
-
-#if defined(CONFIG_FIT_SHA512) || \
-   defined(CONFIG_SPL_FIT_SHA512)
-#define IMAGE_ENABLE_SHA5121
-#else
-#define IMAGE_ENABLE_SHA5120
-#endif
-
 #endif /* IMAGE_ENABLE_FIT */
 
 #ifdef CONFIG_SYS_BOOT_GET_CMDLINE
-- 
2.31.1



[PATCH v3 12/19] image: rsa: Move verification algorithm to a linker list

2021-07-14 Thread Alexandru Gagniuc
Move the RSA verification crypto_algo structure out of the
crypto_algos array, and into a linker list.

Although it appears we are adding an #ifdef to rsa-verify.c, the gains
outweigh this small inconvenience. This is because rsa_verify() is
defined differently based on #ifdefs. This change allows us to have
a single definition of rsa_verify().

Signed-off-by: Alexandru Gagniuc 
Reviewed-by: Simon Glass 
---
 common/image-sig.c   |  9 -
 lib/rsa/rsa-verify.c | 16 
 2 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/common/image-sig.c b/common/image-sig.c
index 81a3b739fe..d996b7ba50 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -53,15 +53,6 @@ struct checksum_algo checksum_algos[] = {
 
 struct crypto_algo crypto_algos[] = {
{
-   .name = "rsa2048",
-   .key_len = RSA2048_BYTES,
-   .verify = rsa_verify,
-   },
-   {
-   .name = "rsa4096",
-   .key_len = RSA4096_BYTES,
-   .verify = rsa_verify,
-   },
 };
 
 struct padding_algo padding_algos[] = {
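Review bot: As posted, this hunk keeps the opening `{` of the first array entry as context while deleting that entry's fields and its closing `},`, so the new side reads `struct crypto_algo crypto_algos[] = {`, `{`, `};` with an unbalanced brace. The hunk counts (15 lines down to 6) and the 9-deletion diffstat agree with that reading, so it does not look like an archive artifact. If so, this commit builds only once the following "Remove crypto_algos array" patch is applied, which breaks bisection. The deletion should start one line earlier so the `{` goes too, or the array removal should be folded into this patch.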
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index 1998c773fc..bb8cc61d94 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -571,3 +571,19 @@ int rsa_verify(struct image_sign_info *info,
 
return rsa_verify_hash(info, hash, sig, sig_len);
 }
+
+#ifndef USE_HOSTCC
+
+U_BOOT_CRYPTO_ALGO(rsa2048) = {
+   .name = "rsa2048",
+   .key_len = RSA2048_BYTES,
+   .verify = rsa_verify,
+};
+
+U_BOOT_CRYPTO_ALGO(rsa4096) = {
+   .name = "rsa4096",
+   .key_len = RSA4096_BYTES,
+   .verify = rsa_verify,
+};
+
+#endif
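Review bot: The `#ifndef USE_HOSTCC` block around the two `U_BOOT_CRYPTO_ALGO` entries has no comment explaining why the host build must not register them, and its `#endif` is bare while the headers touched in this series annotate theirs. I would add `/* Target only: host tools do not use the cryptos linker list */` above the block, assuming that is the reason since the commit message does not say, and close it with `#endif /* !USE_HOSTCC */`. A one-line comment that both entries share `rsa_verify` and differ only in `key_len` would also help a reader checking which key sizes the target accepts.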
-- 
2.31.1



[PATCH v3 08/19] image: Drop IMAGE_ENABLE_BEST_MATCH

2021-07-14 Thread Alexandru Gagniuc
From: Simon Glass 

This is not needed with Kconfig, since we can use IS_ENABLED() easily
enough. Drop it.

Signed-off-by: Simon Glass 
Reviewed-by: Alexandru Gagniuc 
Signed-off-by: Alexandru Gagniuc 
---
 common/image-fit.c | 2 +-
 include/image.h| 5 -
 2 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/common/image-fit.c b/common/image-fit.c
index b7e1d33340..dcdf61844a 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -2026,7 +2026,7 @@ int fit_image_load(bootm_headers_t *images, ulong addr,
 * fit_conf_get_node() will try to find default config node
 */
bootstage_mark(bootstage_id + BOOTSTAGE_SUB_NO_UNIT_NAME);
-   if (IMAGE_ENABLE_BEST_MATCH && !fit_uname_config) {
+   if (IS_ENABLED(CONFIG_FIT_BEST_MATCH) && !fit_uname_config) {
cfg_noffset = fit_conf_find_compat(fit, gd_fdt_blob());
} else {
cfg_noffset = fit_conf_get_node(fit,
diff --git a/include/image.h b/include/image.h
index dbb9bd0174..8b420f2c02 100644
--- a/include/image.h
+++ b/include/image.h
@@ -1221,11 +1221,6 @@ void image_set_host_blob(void *host_blob);
 # define gd_fdt_blob() (gd->fdt_blob)
 #endif
 
-#ifdef CONFIG_FIT_BEST_MATCH
-#define IMAGE_ENABLE_BEST_MATCH1
-#else
-#define IMAGE_ENABLE_BEST_MATCH0
-#endif
 #endif /* IMAGE_ENABLE_FIT */
 
 /*
-- 
2.31.1



[PATCH v3 05/19] Kconfig: Rename SPL_MD5_SUPPORT to SPL_MD5

2021-07-14 Thread Alexandru Gagniuc
From: Simon Glass 

Drop the _SUPPORT suffix so we can use CONFIG_IS_ENABLED() with this
option.

Signed-off-by: Simon Glass 
Reviewed-by: Alexandru Gagniuc 
Signed-off-by: Alexandru Gagniuc 
---
 common/spl/Kconfig | 2 +-
 include/image.h| 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/common/spl/Kconfig b/common/spl/Kconfig
index 896526aec6..2df3e5d869 100644
--- a/common/spl/Kconfig
+++ b/common/spl/Kconfig
@@ -417,7 +417,7 @@ config SPL_CRC32
  for detected accidental image corruption. For secure applications you
  should consider SHA1 or SHA256.
 
-config SPL_MD5_SUPPORT
+config SPL_MD5
bool "Support MD5"
depends on SPL_FIT
help
diff --git a/include/image.h b/include/image.h
index e2037d3159..124448f9e4 100644
--- a/include/image.h
+++ b/include/image.h
@@ -65,7 +65,7 @@ struct fdt_region;
 #  ifdef CONFIG_SPL_CRC32
 #   define IMAGE_ENABLE_CRC32  1
 #  endif
-#  ifdef CONFIG_SPL_MD5_SUPPORT
+#  ifdef CONFIG_SPL_MD5
 #   define IMAGE_ENABLE_MD51
 #  endif
 #  ifdef CONFIG_SPL_FIT_SHA1
-- 
2.31.1



[PATCH v3 04/19] Kconfig: Rename SPL_CRC32_SUPPORT to SPL_CRC32

2021-07-14 Thread Alexandru Gagniuc
From: Simon Glass 

Drop the _SUPPORT suffix so we can use CONFIG_IS_ENABLED() with this
option.

Signed-off-by: Simon Glass 
Reviewed-by: Alexandru Gagniuc 
Signed-off-by: Alexandru Gagniuc 
---
 common/spl/Kconfig| 4 ++--
 configs/axm_defconfig | 2 +-
 configs/chromebit_mickey_defconfig| 2 +-
 configs/chromebook_jerry_defconfig| 2 +-
 configs/chromebook_minnie_defconfig   | 2 +-
 configs/chromebook_speedy_defconfig   | 2 +-
 configs/evb-px30_defconfig| 2 +-
 configs/firefly-px30_defconfig| 2 +-
 configs/imxrt1020-evk_defconfig   | 2 +-
 configs/imxrt1050-evk_defconfig   | 2 +-
 configs/odroid-go2_defconfig  | 2 +-
 configs/px30-core-ctouch2-px30_defconfig  | 2 +-
 configs/px30-core-edimm2.2-px30_defconfig | 2 +-
 configs/socfpga_agilex_atf_defconfig  | 2 +-
 configs/socfpga_agilex_vab_defconfig  | 2 +-
 configs/socfpga_stratix10_atf_defconfig   | 2 +-
 configs/taurus_defconfig  | 2 +-
 include/image.h   | 2 +-
 18 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/common/spl/Kconfig b/common/spl/Kconfig
index 2b89ce71c1..896526aec6 100644
--- a/common/spl/Kconfig
+++ b/common/spl/Kconfig
@@ -204,7 +204,7 @@ config SPL_LEGACY_IMAGE_SUPPORT
 config SPL_LEGACY_IMAGE_CRC_CHECK
bool "Check CRC of Legacy images"
depends on SPL_LEGACY_IMAGE_SUPPORT
-   select SPL_CRC32_SUPPORT
+   select SPL_CRC32
help
  Enable this to check the CRC of Legacy images. While this increases
  reliability, it affects both code size and boot duration.
@@ -407,7 +407,7 @@ config SYS_MMCSD_RAW_MODE_EMMC_BOOT_PARTITION
  the eMMC EXT_CSC_PART_CONFIG selection should be overridden in SPL
  by user defined partition number.
 
-config SPL_CRC32_SUPPORT
+config SPL_CRC32
bool "Support CRC32"
default y if SPL_LEGACY_IMAGE_SUPPORT
help
diff --git a/configs/axm_defconfig b/configs/axm_defconfig
index b613c5f8cd..cb64296993 100644
--- a/configs/axm_defconfig
+++ b/configs/axm_defconfig
@@ -32,7 +32,7 @@ CONFIG_BOOTCOMMAND="run flash_self"
 CONFIG_BOARD_EARLY_INIT_F=y
 # CONFIG_SPL_LEGACY_IMAGE_SUPPORT is not set
 CONFIG_SPL_SYS_MALLOC_SIMPLE=y
-CONFIG_SPL_CRC32_SUPPORT=y
+CONFIG_SPL_CRC32=y
 CONFIG_SPL_NAND_SUPPORT=y
 CONFIG_SPL_NAND_DRIVERS=y
 CONFIG_SPL_NAND_ECC=y
diff --git a/configs/chromebit_mickey_defconfig 
b/configs/chromebit_mickey_defconfig
index d652ab807d..0e63424605 100644
--- a/configs/chromebit_mickey_defconfig
+++ b/configs/chromebit_mickey_defconfig
@@ -25,7 +25,7 @@ CONFIG_BOARD_EARLY_INIT_R=y
 CONFIG_SPL_STACK_R=y
 CONFIG_SPL_STACK_R_MALLOC_SIMPLE_LEN=0x2000
 # CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR is not set
-# CONFIG_SPL_CRC32_SUPPORT is not set
+# CONFIG_SPL_CRC32 is not set
 CONFIG_SPL_SPI_LOAD=y
 CONFIG_CMD_GPIO=y
 CONFIG_CMD_GPT=y
diff --git a/configs/chromebook_jerry_defconfig 
b/configs/chromebook_jerry_defconfig
index 5bb2735c41..dc5d06d65f 100644
--- a/configs/chromebook_jerry_defconfig
+++ b/configs/chromebook_jerry_defconfig
@@ -26,7 +26,7 @@ CONFIG_BOARD_EARLY_INIT_R=y
 CONFIG_SPL_STACK_R=y
 CONFIG_SPL_STACK_R_MALLOC_SIMPLE_LEN=0x2000
 # CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR is not set
-# CONFIG_SPL_CRC32_SUPPORT is not set
+# CONFIG_SPL_CRC32 is not set
 CONFIG_SPL_SPI_LOAD=y
 CONFIG_CMD_GPIO=y
 CONFIG_CMD_GPT=y
diff --git a/configs/chromebook_minnie_defconfig 
b/configs/chromebook_minnie_defconfig
index 2549c49e8b..0a1d5930f6 100644
--- a/configs/chromebook_minnie_defconfig
+++ b/configs/chromebook_minnie_defconfig
@@ -26,7 +26,7 @@ CONFIG_BOARD_EARLY_INIT_R=y
 CONFIG_SPL_STACK_R=y
 CONFIG_SPL_STACK_R_MALLOC_SIMPLE_LEN=0x2000
 # CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR is not set
-# CONFIG_SPL_CRC32_SUPPORT is not set
+# CONFIG_SPL_CRC32 is not set
 CONFIG_SPL_SPI_LOAD=y
 CONFIG_CMD_GPIO=y
 CONFIG_CMD_GPT=y
diff --git a/configs/chromebook_speedy_defconfig 
b/configs/chromebook_speedy_defconfig
index 8f7c70a8df..709af4cad5 100644
--- a/configs/chromebook_speedy_defconfig
+++ b/configs/chromebook_speedy_defconfig
@@ -26,7 +26,7 @@ CONFIG_BOARD_EARLY_INIT_R=y
 CONFIG_SPL_STACK_R=y
 CONFIG_SPL_STACK_R_MALLOC_SIMPLE_LEN=0x2000
 # CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR is not set
-# CONFIG_SPL_CRC32_SUPPORT is not set
+# CONFIG_SPL_CRC32 is not set
 CONFIG_SPL_SPI_LOAD=y
 CONFIG_CMD_GPIO=y
 CONFIG_CMD_GPT=y
diff --git a/configs/evb-px30_defconfig b/configs/evb-px30_defconfig
index 8bcf8edec5..d3b52c127a 100644
--- a/configs/evb-px30_defconfig
+++ b/configs/evb-px30_defconfig
@@ -29,7 +29,7 @@ CONFIG_SPL_BOOTROM_SUPPORT=y
 # CONFIG_SPL_RAW_IMAGE_SUPPORT is not set
 CONFIG_SPL_STACK_R=y
 # CONFIG_TPL_BANNER_PRINT is not set
-CONFIG_SPL_CRC32_SUPPORT=y
+CONFIG_SPL_CRC32=y
 CONFIG_SPL_ATF=y
 # CONFIG_TPL_FRAMEWORK is not set
 # CONFIG_CMD_BOOTD is not set
diff --git a/configs/firefly-px30_defconfig b/

[PATCH v3 02/19] image: Rename SPL_SHAxxx_SUPPORT to SPL_FIT_SHAxxx

2021-07-14 Thread Alexandru Gagniuc
From: Simon Glass 

These options are named inconsistently with other SPL options, thus making
them incompatible with the CONFIG_IS_ENABLED() macro. Rename them.

Signed-off-by: Simon Glass 
Reviewed-by: Alexandru Gagniuc 
Signed-off-by: Alexandru Gagniuc 
---
 common/spl/Kconfig | 8 
 include/image.h| 8 
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/common/spl/Kconfig b/common/spl/Kconfig
index fa80524cfb..2b89ce71c1 100644
--- a/common/spl/Kconfig
+++ b/common/spl/Kconfig
@@ -429,7 +429,7 @@ config SPL_MD5_SUPPORT
  applications where images may be changed maliciously, you should
  consider SHA256 or SHA384.
 
-config SPL_SHA1_SUPPORT
+config SPL_FIT_SHA1
bool "Support SHA1"
depends on SPL_FIT
select SHA1
@@ -441,7 +441,7 @@ config SPL_SHA1_SUPPORT
  due to the expanding computing power available to brute-force
  attacks. For more security, consider SHA256 or SHA384.
 
-config SPL_SHA256_SUPPORT
+config SPL_FIT_SHA256
bool "Support SHA256"
depends on SPL_FIT
select SHA256
@@ -450,7 +450,7 @@ config SPL_SHA256_SUPPORT
  checksum is a 256-bit (32-byte) hash value used to check that the
  image contents have not been corrupted.
 
-config SPL_SHA384_SUPPORT
+config SPL_FIT_SHA384
bool "Support SHA384"
depends on SPL_FIT
select SHA384
@@ -461,7 +461,7 @@ config SPL_SHA384_SUPPORT
  image contents have not been corrupted. Use this for the highest
  security.
 
-config SPL_SHA512_SUPPORT
+config SPL_FIT_SHA512
bool "Support SHA512"
depends on SPL_FIT
select SHA512
diff --git a/include/image.h b/include/image.h
index e54f12f472..bf92f6235d 100644
--- a/include/image.h
+++ b/include/image.h
@@ -68,7 +68,7 @@ struct fdt_region;
 #  ifdef CONFIG_SPL_MD5_SUPPORT
 #   define IMAGE_ENABLE_MD51
 #  endif
-#  ifdef CONFIG_SPL_SHA1_SUPPORT
+#  ifdef CONFIG_SPL_FIT_SHA1
 #   define IMAGE_ENABLE_SHA1   1
 #  endif
 # else
@@ -90,21 +90,21 @@ struct fdt_region;
 #endif
 
 #if defined(CONFIG_FIT_SHA256) || \
-   defined(CONFIG_SPL_SHA256_SUPPORT)
+   defined(CONFIG_SPL_FIT_SHA256)
 #define IMAGE_ENABLE_SHA2561
 #else
 #define IMAGE_ENABLE_SHA2560
 #endif
 
 #if defined(CONFIG_FIT_SHA384) || \
-   defined(CONFIG_SPL_SHA384_SUPPORT)
+   defined(CONFIG_SPL_FIT_SHA384)
 #define IMAGE_ENABLE_SHA3841
 #else
 #define IMAGE_ENABLE_SHA3840
 #endif
 
 #if defined(CONFIG_FIT_SHA512) || \
-   defined(CONFIG_SPL_SHA512_SUPPORT)
+   defined(CONFIG_SPL_FIT_SHA512)
 #define IMAGE_ENABLE_SHA5121
 #else
 #define IMAGE_ENABLE_SHA5120
-- 
2.31.1



[PATCH v3 01/19] image: Shorten FIT_ENABLE_SHAxxx_SUPPORT

2021-07-14 Thread Alexandru Gagniuc
From: Simon Glass 

The ENABLE part of this name is redundant, since all boolean Kconfig
options serve to enable something. The SUPPORT part is also redundant
since Kconfigs can be assumed to enable support for something. Together
they just serve to make these options overly long and inconsistent
with other options.

Rename FIT_ENABLE_SHAxxx_SUPPORT to FIT_SHAxxx

Signed-off-by: Simon Glass 
Reviewed-by: Alexandru Gagniuc 
Signed-off-by: Alexandru Gagniuc 
---
 common/Kconfig.boot  |  6 +++---
 configs/mt8516_pumpkin_defconfig |  2 +-
 include/image.h  | 12 ++--
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index 89a3161f1f..d28ce96a28 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -35,7 +35,7 @@ config FIT_EXTERNAL_OFFSET
  could be put in the hole between data payload and fit image
  header, such as CSF data on i.MX platform.
 
-config FIT_ENABLE_SHA256_SUPPORT
+config FIT_SHA256
bool "Support SHA256 checksum of FIT image contents"
default y
select SHA256
@@ -44,7 +44,7 @@ config FIT_ENABLE_SHA256_SUPPORT
  SHA256 checksum is a 256-bit (32-byte) hash value used to check that
  the image contents have not been corrupted.
 
-config FIT_ENABLE_SHA384_SUPPORT
+config FIT_SHA384
bool "Support SHA384 checksum of FIT image contents"
default n
select SHA384
@@ -54,7 +54,7 @@ config FIT_ENABLE_SHA384_SUPPORT
  the image contents have not been corrupted. Use this for the highest
  security.
 
-config FIT_ENABLE_SHA512_SUPPORT
+config FIT_SHA512
bool "Support SHA512 checksum of FIT image contents"
default n
select SHA512
diff --git a/configs/mt8516_pumpkin_defconfig b/configs/mt8516_pumpkin_defconfig
index 945643ab25..cafad0ef62 100644
--- a/configs/mt8516_pumpkin_defconfig
+++ b/configs/mt8516_pumpkin_defconfig
@@ -13,7 +13,7 @@ CONFIG_DEBUG_UART_CLOCK=2600
 # CONFIG_PSCI_RESET is not set
 CONFIG_DEBUG_UART=y
 CONFIG_FIT=y
-# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set
+# CONFIG_FIT_SHA256 is not set
 # CONFIG_ARCH_FIXUP_FDT_MEMORY is not set
 CONFIG_DEFAULT_FDT_FILE="mt8516-pumpkin"
 # CONFIG_DISPLAY_BOARDINFO is not set
diff --git a/include/image.h b/include/image.h
index 0c24bf6f35..e54f12f472 100644
--- a/include/image.h
+++ b/include/image.h
@@ -31,9 +31,9 @@ struct fdt_region;
 #define IMAGE_ENABLE_OF_LIBFDT 1
 #define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */
 #define CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT 1
-#define CONFIG_FIT_ENABLE_SHA256_SUPPORT
-#define CONFIG_FIT_ENABLE_SHA384_SUPPORT
-#define CONFIG_FIT_ENABLE_SHA512_SUPPORT
+#define CONFIG_FIT_SHA256
+#define CONFIG_FIT_SHA384
+#define CONFIG_FIT_SHA512
 #define CONFIG_SHA1
 #define CONFIG_SHA256
 #define CONFIG_SHA384
@@ -89,21 +89,21 @@ struct fdt_region;
 #define IMAGE_ENABLE_SHA1  0
 #endif
 
-#if defined(CONFIG_FIT_ENABLE_SHA256_SUPPORT) || \
+#if defined(CONFIG_FIT_SHA256) || \
defined(CONFIG_SPL_SHA256_SUPPORT)
 #define IMAGE_ENABLE_SHA2561
 #else
 #define IMAGE_ENABLE_SHA2560
 #endif
 
-#if defined(CONFIG_FIT_ENABLE_SHA384_SUPPORT) || \
+#if defined(CONFIG_FIT_SHA384) || \
defined(CONFIG_SPL_SHA384_SUPPORT)
 #define IMAGE_ENABLE_SHA3841
 #else
 #define IMAGE_ENABLE_SHA3840
 #endif
 
-#if defined(CONFIG_FIT_ENABLE_SHA512_SUPPORT) || \
+#if defined(CONFIG_FIT_SHA512) || \
defined(CONFIG_SPL_SHA512_SUPPORT)
 #define IMAGE_ENABLE_SHA5121
 #else
-- 
2.31.1



[PATCH v3 00/19] tools: Use a single config for Host OpenSSL (plus dependent patches)

2021-07-14 Thread Alexandru Gagniuc
This series combines
[PATCH v2] tools: Use a single target-independent config to enable OpenSSL
and its dependencies.

Changes since v2:
  * Replace FIT_OBJS-$(CONFIG_...) with FIT_OBJS-y to resolve rpi build issue

Alexandru Gagniuc (11):
  common: Move host-only logic in image-sig.c to separate file
  common: image-sig.c: Remove host-specific logic and #ifdefs
  image: Add support for placing crypto_algo in linker lists
  image: rsa: Move verification algorithm to a linker list
  image: image-sig.c: Remove crypto_algos array
  lib: ecdsa: Remove #ifdefs from ecdsa.h
  lib: rsa: Remove #ifdefs from rsa.h
  image: Eliminate IMAGE_ENABLE_VERIFY macro
  image: Eliminate IMAGE_ENABLE_VERIFY_ECDSA macro
  image: Add support for relocating crypto_algos in linker lists
  tools: Use a single target-independent config to enable OpenSSL

Simon Glass (8):
  image: Shorten FIT_ENABLE_SHAxxx_SUPPORT
  image: Rename SPL_SHAxxx_SUPPORT to SPL_FIT_SHAxxx
  image: Rename CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
  Kconfig: Rename SPL_CRC32_SUPPORT to SPL_CRC32
  Kconfig: Rename SPL_MD5_SUPPORT to SPL_MD5
  image: Drop IMAGE_ENABLE_SHA1
  image: Drop IMAGE_ENABLE_SHAxxx
  image: Drop IMAGE_ENABLE_BEST_MATCH

 common/Kconfig.boot   |   8 +-
 common/image-fit.c|  10 +-
 common/image-sig.c|  76 +++--
 common/spl/Kconfig|  14 +--
 configs/axm_defconfig |   2 +-
 configs/bcm963158_ram_defconfig   |   2 +-
 configs/chromebit_mickey_defconfig|   2 +-
 configs/chromebook_jerry_defconfig|   2 +-
 configs/chromebook_minnie_defconfig   |   2 +-
 configs/chromebook_speedy_defconfig   |   2 +-
 configs/evb-px30_defconfig|   2 +-
 configs/firefly-px30_defconfig|   2 +-
 configs/imxrt1020-evk_defconfig   |   2 +-
 configs/imxrt1050-evk_defconfig   |   2 +-
 configs/mt8516_pumpkin_defconfig  |   2 +-
 configs/odroid-go2_defconfig  |   2 +-
 configs/px30-core-ctouch2-px30_defconfig  |   2 +-
 configs/px30-core-edimm2.2-px30_defconfig |   2 +-
 configs/sandbox_defconfig |   2 +-
 configs/socfpga_agilex_atf_defconfig  |   2 +-
 configs/socfpga_agilex_vab_defconfig  |   2 +-
 configs/socfpga_stratix10_atf_defconfig   |   2 +-
 configs/taurus_defconfig  |   2 +-
 include/image.h   |  59 ++
 include/u-boot/ecdsa.h|  25 
 include/u-boot/rsa.h  |  51 +
 lib/rsa/rsa-sign.c|   4 +-
 lib/rsa/rsa-verify.c  |  18 ++-
 tools/Kconfig |  11 ++
 tools/Makefile|  48 +---
 tools/image-sig-host.c| 133 ++
 31 files changed, 259 insertions(+), 236 deletions(-)
 create mode 100644 tools/image-sig-host.c

-- 
2.31.1



[PATCH v2] tools: Use a single target-independent config to enable OpenSSL

2021-07-06 Thread Alexandru Gagniuc
Host tool features, such as mkimage's ability to sign FIT images, were
enabled or disabled based on the target configuration. However, this
misses the point of a target-agnostic host tool.

A target's ability to verify FIT signatures is independent of
mkimage's ability to create those signatures. In fact, u-boot's build
system doesn't sign images. The target code can be successfully built
without relying on any ability to sign such code.

Conversely, mkimage's ability to sign images does not require that
those images will only work on targets which support FIT verification.
Linking mkimage cryptographic features to target support for FIT
verification is misguided.

Without loss of generality, we can say that host features are and
should be independent of target features.

While we prefer that a host tool always supports the same feature set,
we recognize the following
  - some users prefer to build u-boot without a dependency on OpenSSL.
  - some distros prefer to ship mkimage without linking to OpenSSL

To allow these use cases, introduce a host-only Kconfig which is used
to select or deselect libcrypto support. Some mkimage features or some
host tools might not be available, but this shouldn't affect the
u-boot build.

I also considered setting the default of this config based on
FIT_SIGNATURE. While it would preserve the old behaviour it's also
contrary to the goals of this change. I decided to enable it by
default, so that the default build yields the most feature-complete
mkimage.

Signed-off-by: Alexandru Gagniuc 
---
Changes since v1:
  * Drop the verb "_USE_" from the Kconfig option name

 tools/Kconfig  | 11 +++
 tools/Makefile | 46 ++
 2 files changed, 41 insertions(+), 16 deletions(-)

diff --git a/tools/Kconfig b/tools/Kconfig
index b2f5012240..d6f82cd949 100644
--- a/tools/Kconfig
+++ b/tools/Kconfig
@@ -9,4 +9,15 @@ config MKIMAGE_DTC_PATH
  some cases the system dtc may not support all required features
  and the path to a different version should be given here.
 
+config TOOLS_LIBCRYPTO
+   bool "Use OpenSSL's libcrypto library for host tools"
+   default y
+   help
+ Cryptographic signature, verification, and encryption of images is
+ provided by host tools using OpenSSL's libcrypto. Select 'n' here if
+ you wish to build host tools without OpenSSL. mkimage will not have
+ the ability to sign images.
+ This selection does not affect target features, such as runtime FIT
+ signature verification.
+
 endmenu
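Review bot: The help text understates what selecting 'n' removes: it says only that mkimage cannot sign, while the tools/Makefile hunk of this same patch also gates `fit_info`, `fit_check_sign` and `common/image-cipher.o` on `CONFIG_TOOLS_LIBCRYPTO`. A distro that packages host tools without OpenSSL therefore also loses the host-side signature check tool and image encryption, which matters to anyone planning a signing or verification workflow around those packages. I would extend the sentence to `mkimage will not be able to sign or encrypt images, and fit_info and fit_check_sign will not be built.`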
diff --git a/tools/Makefile b/tools/Makefile
index 722355e984..e250e6f4b6 100644
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -3,6 +3,25 @@
 # (C) Copyright 2000-2006
 # Wolfgang Denk, DENX Software Engineering, w...@denx.de.
 
+# A note on target vs host configuration:
+#
+# Host tools can be used across multiple targets, or different configurations
+# of the same target. Thus, host tools must be able to handle any combination
+# of target configurations. To prevent having different variations of the same
+# tool, the tool build options may not depend on target configuration.
+#
+# Some linux distributions package these utilities as u-boot-tools, and it
+# would be unmaintainable to have a different tool variation for each
+# arch or configuration.
+#
+# A couple of simple rules:
+#
+# 1) Do not use target CONFIG_* options to enable or disable features in host
+#tools. Only use the configs from tools/Kconfig
+# 2) It's okay to use target configs to disable building specific tools.
+#That's as long as the features of those tools aren't modified.
+#
+
 # Enable all the config-independent tools
 ifneq ($(HOST_TOOLS_ALL),)
 CONFIG_ARCH_KIRKWOOD = y
@@ -53,30 +72,30 @@ hostprogs-y += mkenvimage
 mkenvimage-objs := mkenvimage.o os_support.o lib/crc32.o
 
 hostprogs-y += dumpimage mkimage
-hostprogs-$(CONFIG_FIT_SIGNATURE) += fit_info fit_check_sign
+hostprogs-$(CONFIG_TOOLS_LIBCRYPTO) += fit_info fit_check_sign
 
 hostprogs-$(CONFIG_CMD_BOOTEFI_SELFTEST) += file2include
 
 FIT_OBJS-$(CONFIG_FIT) := fit_common.o fit_image.o image-host.o 
common/image-fit.o
-FIT_SIG_OBJS-$(CONFIG_FIT_SIGNATURE) := image-sig-host.o common/image-fit-sig.o
-FIT_CIPHER_OBJS-$(CONFIG_FIT_CIPHER) := common/image-cipher.o
+FIT_SIG_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := image-sig-host.o 
common/image-fit-sig.o
+FIT_CIPHER_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := common/image-cipher.o
 
 # The following files are synced with upstream DTC.
 # Use synced versions from scripts/dtc/libfdt/.
 LIBFDT_OBJS := $(addprefix libfdt/, fdt.o fdt_ro.o fdt_wip.o fdt_sw.o fdt_rw.o 
\
fdt_strerror.o fdt_empty_tree.o fdt_addresses.o fdt_overlay.o)
 
-RSA_OBJS-$(CONFIG_FIT_SIGNATURE) := $(addprefix lib/rsa/, \
+RSA_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/rsa/, \
rsa-sign.o rsa-verify.o \
 

[PATCH v4 4/5] stm32mp1: spl: Configure TrustZone controller for OP-TEE

2021-05-31 Thread Alexandru Gagniuc
OP-TEE is very particular about how the TZC should be configured.
When booting an OP-TEE payload, an incorrect TZC configuration will
result in a panic.

Most information can be derived from the SPL devicetree. The only
information we don't have is the split between TZDRAM and shared
memory. This has to be hardcoded. The rest of the configuration is
fairly easy, and only requires 3 TZC regions. Configure them.

Signed-off-by: Alexandru Gagniuc 
---
 arch/arm/mach-stm32mp/spl.c | 92 +
 1 file changed, 92 insertions(+)

diff --git a/arch/arm/mach-stm32mp/spl.c b/arch/arm/mach-stm32mp/spl.c
index b53659a698a..405eff68a3b 100644
--- a/arch/arm/mach-stm32mp/spl.c
+++ b/arch/arm/mach-stm32mp/spl.c
@@ -11,11 +11,13 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
 #include 
 #include 
+#include 
 #include 
 
 u32 spl_boot_device(void)
@@ -92,6 +94,96 @@ __weak int board_early_init_f(void)
return 0;
 }
 
+uint32_t stm32mp_get_dram_size(void)
+{
+   struct ram_info ram;
+   struct udevice *dev;
+   int ret;
+
+   if (uclass_get_device(UCLASS_RAM, 0, ))
+   return 0;
+
+   ret = ram_get_info(dev, );
+   if (ret)
+   return 0;
+
+   return ram.size;
+}
+
+static int optee_get_reserved_memory(uint32_t *start, uint32_t *size)
+{
+   phys_size_t fdt_mem_size;
+   fdt_addr_t fdt_start;
+   ofnode node;
+
+   node = ofnode_path("/reserved-memory/optee");
+   if (!ofnode_valid(node))
+   return 0;
+
+   fdt_start = ofnode_get_addr_size(node, "reg", _mem_size);
+   *start = fdt_start;
+   *size = fdt_mem_size;
+   return (fdt_start < 0) ? fdt_start : 0;
+}
+
+#define CFG_SHMEM_SIZE 0x20
+#define STM32_TZC_NSID_ALL 0x
+#define STM32_TZC_FILTER_ALL   3
+
+void stm32_init_tzc_for_optee(void)
+{
+   const uint32_t dram_size = stm32mp_get_dram_size();
+   const uintptr_t dram_top = STM32_DDR_BASE + (dram_size - 1);
+   uint32_t optee_base, optee_size, tee_shmem_base;
+   const uintptr_t tzc = STM32_TZC_BASE;
+   int ret;
+
+   if (dram_size == 0)
+   panic("Cannot determine DRAM size from devicetree\n");
+
+   ret = optee_get_reserved_memory(_base, _size);
+   if (ret < 0 || optee_size <= CFG_SHMEM_SIZE)
+   panic("Invalid OPTEE reserved memory in devicetree\n");
+
+   tee_shmem_base = optee_base + optee_size - CFG_SHMEM_SIZE;
+
+   const struct tzc_region optee_config[] = {
+   {
+   .base = STM32_DDR_BASE,
+   .top = optee_base - 1,
+   .sec_mode = TZC_ATTR_SEC_NONE,
+   .nsec_id = STM32_TZC_NSID_ALL,
+   .filters_mask = STM32_TZC_FILTER_ALL,
+   }, {
+   .base = optee_base,
+   .top = tee_shmem_base - 1,
+   .sec_mode = TZC_ATTR_SEC_RW,
+   .nsec_id = 0,
+   .filters_mask = STM32_TZC_FILTER_ALL,
+   }, {
+   .base = tee_shmem_base,
+   .top = dram_top,
+   .sec_mode = TZC_ATTR_SEC_NONE,
+   .nsec_id = STM32_TZC_NSID_ALL,
+   .filters_mask = STM32_TZC_FILTER_ALL,
+   }, {
+   .top = 0,
+   }
+   };
+
+   flush_dcache_all();
+
+   tzc_configure(tzc, optee_config);
+   tzc_dump_config(tzc);
+
+   dcache_disable();
+}
+
+void spl_board_prepare_for_optee(void *fdt)
+{
+   stm32_init_tzc_for_optee();
+}
+
 void board_init_f(ulong dummy)
 {
struct udevice *dev;
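Review bot: `optee_get_reserved_memory()` returns 0 when `/reserved-memory/optee` is missing without writing `*start` or `*size`, so `stm32_init_tzc_for_optee()` goes on to program the TZC from uninitialised `optee_base` and `optee_size`. The failure test `fdt_start < 0` also looks ineffective, assuming `fdt_addr_t` is unsigned as it normally is in U-Boot, where the failure value is `FDT_ADDR_T_NONE`. Nothing checks that the reserved range lies inside DRAM either, so `optee_base - 1` or `optee_base + optee_size` can wrap and give the secure region bounds other than the ones the devicetree describes. Because these regions decide which memory the non-secure world can reach, I would fail closed in all three cases, as sketched below; rejecting `optee_base == STM32_DDR_BASE` is a conservative choice that should be confirmed against the supported memory layouts.

```c
static int optee_get_reserved_memory(uint32_t *start, uint32_t *size)
{
	/* … unchanged: local declarations … */

	node = ofnode_path("/reserved-memory/optee");
	if (!ofnode_valid(node))
		return -ENOENT;

	fdt_start = ofnode_get_addr_size(node, "reg", &fdt_mem_size);
	if (fdt_start == FDT_ADDR_T_NONE)
		return -EINVAL;

	*start = fdt_start;
	*size = fdt_mem_size;
	return 0;
}

/* … in stm32_init_tzc_for_optee(), after the existing ret / optee_size check … */
	/* The reserved range must sit strictly inside DRAM so no region bound wraps. */
	if (optee_base <= STM32_DDR_BASE || optee_base > dram_top ||
	    optee_size - 1 > dram_top - optee_base)
		panic("OPTEE reserved memory outside DRAM\n");
```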
-- 
2.31.1


