10 files changed, 299 insertions, 38 deletions

diff --git a/commands/Kconfig b/commands/Kconfig
index bc0885c69d..43b8deddde 100644
--- a/commands/Kconfig
+++ b/commands/Kconfig
@@ -6,10 +6,6 @@ config COMMAND_SUPPORT
 	depends on !SHELL_NONE
 	default y
 
-config HAS_POWEROFF
-	bool
-	default n
-
 if COMMAND_SUPPORT
 
 config COMPILE_HASH
@@ -1848,7 +1844,6 @@ config CMD_NAND_BITFLIP
 
 config CMD_POWEROFF
 	tristate
-	depends on HAS_POWEROFF
 	prompt "poweroff"
 	help
 	  Turn the power off.
@@ -1930,6 +1925,11 @@ config CMD_WD_DEFAULT_TIMOUT
 	  'wd' is done without a timeout value (which means the watchdog gets
 	  enabled and re-triggered with the default timeout value).
 
+config CMD_HAB
+	bool
+	depends on HAB
+	prompt "High Assurance boot (hab)"
+
 # end Hardware manipulation commands
 endmenu
 
@@ -2115,6 +2115,12 @@ config CMD_SPD_DECODE
 	help
 	  decode spd eeprom
 
+config CMD_SEED
+	tristate
+	prompt "seed"
+	help
+	  Seed the pseudo random number generator (PRNG)
+
 # end Miscellaneous commands
 endmenu
 
diff --git a/commands/Makefile b/commands/Makefile
index 601f15fc38..edd713c6bd 100644
--- a/commands/Makefile
+++ b/commands/Makefile
@@ -87,6 +87,7 @@ obj-$(CONFIG_CMD_AUTOMOUNT)	+= automount.o
 obj-$(CONFIG_CMD_GLOBAL)	+= global.o
 obj-$(CONFIG_CMD_DMESG)		+= dmesg.o
 obj-$(CONFIG_CMD_BASENAME)	+= basename.o
+obj-$(CONFIG_CMD_HAB)		+= hab.o
 obj-$(CONFIG_CMD_DIRNAME)	+= dirname.o
 obj-$(CONFIG_CMD_READLINK)	+= readlink.o
 obj-$(CONFIG_CMD_LET)		+= let.o
@@ -120,3 +121,4 @@ obj-$(CONFIG_CMD_DHRYSTONE)	+= dhrystone.o
 obj-$(CONFIG_CMD_SPD_DECODE)	+= spd_decode.o
 obj-$(CONFIG_CMD_MMC_EXTCSD)	+= mmc_extcsd.o
 obj-$(CONFIG_CMD_NAND_BITFLIP)	+= nand-bitflip.o
+obj-$(CONFIG_CMD_SEED)		+= seed.o
diff --git a/commands/digest.c b/commands/digest.c
index 02a9f6f0de..0edbbec32c 100644
--- a/commands/digest.c
+++ b/commands/digest.c
@@ -36,12 +36,16 @@ int __do_digest(struct digest *d, unsigned char *sig,
 	while (*argv) {
 		char *filename = "/dev/mem";
 		loff_t start = 0, size = ~0;
+		int show_area = 1;
 
 		/* arguments are either file, file+area or area */
 		if (parse_area_spec(*argv, &start, &size)) {
 			filename = *argv;
-			if (argv[1] && !parse_area_spec(argv[1], &start, &size))
+			show_area = 0;
+			if (argv[1] && !parse_area_spec(argv[1], &start, &size)) {
 				argv++;
+				show_area = 1;
+			}
 		}
 
 		ret = digest_file_window(d, filename,
@@ -53,8 +57,12 @@ int __do_digest(struct digest *d, unsigned char *sig,
 				for (i = 0; i < digest_length(d); i++)
 					printf("%02x", hash[i]);
 
-				printf("  %s\t0x%08llx ... 0x%08llx\n",
-					filename, start, start + size);
+				printf("  %s", filename);
+				if (show_area)
+					printf("\t0x%08llx ... 0x%08llx",
+						start, start + size);
+
+				puts("\n");
 			}
 		}
 
diff --git a/commands/hab.c b/commands/hab.c
new file mode 100644
index 0000000000..0d7ee8e76c
--- /dev/null
+++ b/commands/hab.c
@@ -0,0 +1,120 @@
+/*
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; version 2.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ */
+
+#include <common.h>
+#include <command.h>
+#include <complete.h>
+#include <fs.h>
+#include <fcntl.h>
+#include <getopt.h>
+#include <linux/ctype.h>
+#include <errno.h>
+#include <hab.h>
+
+static int do_hab(int argc, char *argv[])
+{
+	int opt, ret, i;
+	char *srkhashfile = NULL, *srkhash = NULL;
+	unsigned flags = 0;
+	u8 srk[SRK_HASH_SIZE];
+	int lockdown = 0, info = 0;
+
+	while ((opt = getopt(argc, argv, "s:fpx:li")) > 0) {
+		switch (opt) {
+		case 's':
+			srkhashfile = optarg;
+			break;
+		case 'f':
+			flags |= IMX_SRK_HASH_FORCE;
+			break;
+		case 'p':
+			flags |= IMX_SRK_HASH_WRITE_PERMANENT;
+			break;
+		case 'x':
+			srkhash = optarg;
+			break;
+		case 'l':
+			lockdown = 1;
+			break;
+		case 'i':
+			info = 1;
+			break;
+		default:
+			return COMMAND_ERROR_USAGE;
+		}
+	}
+
+	if (!info && !lockdown && !srkhashfile && !srkhash) {
+		printf("Nothing to do\n");
+		return COMMAND_ERROR_USAGE;
+	}
+
+	if (info) {
+		ret = imx_hab_read_srk_hash(srk);
+		if (ret)
+			return ret;
+
+		printf("Current SRK hash: ");
+		for (i = 0; i < SRK_HASH_SIZE; i++)
+			printf("%02x", srk[i]);
+		printf("\n");
+
+		if (imx_hab_device_locked_down())
+			printf("secure mode\n");
+		else
+			printf("devel mode\n");
+
+		return 0;
+	}
+
+	if (srkhashfile && srkhash) {
+		printf("-s and -x options may not be given together\n");
+		return COMMAND_ERROR_USAGE;
+	}
+
+	if (srkhashfile) {
+		ret = imx_hab_write_srk_hash_file(srkhashfile, flags);
+		if (ret)
+			return ret;
+	} else if (srkhash) {
+		ret = imx_hab_write_srk_hash_hex(srkhash, flags);
+		if (ret)
+			return ret;
+	}
+
+	if (lockdown) {
+		ret = imx_hab_lockdown_device(flags);
+		if (ret)
+			return ret;
+		printf("Device successfully locked down\n");
+	}
+
+	return 0;
+}
+
+BAREBOX_CMD_HELP_START(hab)
+BAREBOX_CMD_HELP_TEXT("Handle i.MX HAB (High Assurance Boot)")
+BAREBOX_CMD_HELP_TEXT("")
+BAREBOX_CMD_HELP_OPT ("-s <file>",  "Burn Super Root Key hash from <file>")
+BAREBOX_CMD_HELP_OPT ("-x <sha256>",  "Burn Super Root Key hash from hex string")
+BAREBOX_CMD_HELP_OPT ("-i",  "Print HAB info")
+BAREBOX_CMD_HELP_OPT ("-f",  "Force. Write even when a key is already written")
+BAREBOX_CMD_HELP_OPT ("-l",  "Lockdown device. Dangerous! After executing only signed images can be booted")
+BAREBOX_CMD_HELP_OPT ("-p",  "Permanent. Really burn fuses. Be careful!")
+BAREBOX_CMD_HELP_END
+
+BAREBOX_CMD_START(hab)
+	.cmd		= do_hab,
+	BAREBOX_CMD_DESC("Handle i.MX HAB")
+	BAREBOX_CMD_OPTS("sxfp")
+	BAREBOX_CMD_GROUP(CMD_GRP_HWMANIP)
+	BAREBOX_CMD_HELP(cmd_hab_help)
+BAREBOX_CMD_END
diff --git a/commands/led.c b/commands/led.c
index 354f74df8f..a53f0df6a2 100644
--- a/commands/led.c
+++ b/commands/led.c
@@ -29,6 +29,44 @@ static int do_led(int argc, char *argv[])
 	unsigned long value;
 	struct led *led;
 	int ret;
+	int opt;
+	int flash = 0, blink = 0;
+	int blink_on_ms = 500;
+	int blink_off_ms = 500;
+
+	while ((opt = getopt(argc, argv, "fb")) > 0) {
+		switch(opt) {
+		case 'f':
+			flash = 1;
+			break;
+		case 'b':
+			blink = 1;
+			break;
+		}
+	}
+
+	if (flash || blink) {
+		int args = argc - optind;
+
+		if (!args || (flash && blink))
+			return COMMAND_ERROR_USAGE;
+
+		led = led_by_name_or_number(argv[optind]);
+		if (!led) {
+			printf("no such LED: %s\n", argv[optind]);
+			return 1;
+		}
+
+		if (args > 1)
+			blink_on_ms = simple_strtoul(argv[optind + 1], NULL, 0);
+		if (args > 2)
+			blink_off_ms = simple_strtoul(argv[optind + 2], NULL, 0);
+
+		if (flash)
+			return led_flash(led, blink_on_ms);
+		if (blink)
+			return led_blink(led, blink_on_ms, blink_off_ms);
+	}
 
 	if (argc == 1) {
 		int i = 0;
@@ -73,9 +111,13 @@ static int do_led(int argc, char *argv[])
 BAREBOX_CMD_HELP_START(led)
 BAREBOX_CMD_HELP_TEXT("Control the value of a LED. The exact meaning of VALUE is unspecified,")
 BAREBOX_CMD_HELP_TEXT("it can be a brightness, or a color. Most often a value of '1' means on")
-BAREBOX_CMD_HELP_TEXT("and '0' means off.")
+BAREBOX_CMD_HELP_TEXT("and '0' means off. Basic usage is 'led <led> <value>'. LEDs can be given")
+BAREBOX_CMD_HELP_TEXT("by name or number.")
 BAREBOX_CMD_HELP_TEXT("")
 BAREBOX_CMD_HELP_TEXT("Without arguments the available LEDs are listed.")
+BAREBOX_CMD_HELP_TEXT("Options:")
+BAREBOX_CMD_HELP_OPT ("-b <led> [duration-on-ms] [duration-off-ms]",  "blink a LED")
+BAREBOX_CMD_HELP_OPT ("-f <led> [duration-ms]",  "flash a LED")
 BAREBOX_CMD_HELP_END
 
 BAREBOX_CMD_START(led)
diff --git a/commands/poweroff.c b/commands/poweroff.c
index e8c726a7f2..bbafa13bd0 100644
--- a/commands/poweroff.c
+++ b/commands/poweroff.c
@@ -19,10 +19,11 @@
 
 #include <common.h>
 #include <command.h>
+#include <poweroff.h>
 
 static int cmd_poweroff(int argc, char *argv[])
 {
-	poweroff();
+	poweroff_machine();
 
 	/* Not reached */
 	return 1;
diff --git a/commands/seed.c b/commands/seed.c
new file mode 100644
index 0000000000..e378cd7635
--- /dev/null
+++ b/commands/seed.c
@@ -0,0 +1,44 @@
+/*
+ * (c) 2017 Oleksij Rempel <kernel@pengutronix.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#include <common.h>
+#include <command.h>
+#include <stdlib.h>
+#include <linux/ctype.h>
+
+static int do_seed(int argc, char *argv[])
+{
+	if (argc < 2)
+		return COMMAND_ERROR_USAGE;
+
+	if (isdigit(*argv[1])) {
+		srand(simple_strtoul(argv[1], NULL, 0));
+		return 0;
+	}
+
+	printf("numerical parameter expected\n");
+	return 1;
+}
+
+BAREBOX_CMD_HELP_START(seed)
+BAREBOX_CMD_HELP_TEXT("Seed the pseudo random number generator")
+BAREBOX_CMD_HELP_END
+
+BAREBOX_CMD_START(seed)
+	.cmd = do_seed,
+	BAREBOX_CMD_DESC("seed the PRNG")
+	BAREBOX_CMD_OPTS("VALUE")
+	BAREBOX_CMD_GROUP(CMD_GRP_MISC)
+	BAREBOX_CMD_HELP(cmd_seed_help)
+BAREBOX_CMD_END
diff --git a/commands/stddev.c b/commands/stddev.c
index 318d057417..93da2c7398 100644
--- a/commands/stddev.c
+++ b/commands/stddev.c
@@ -17,6 +17,7 @@
 
 #include <common.h>
 #include <init.h>
+#include <stdlib.h>
 
 static ssize_t zero_read(struct cdev *cdev, void *buf, size_t count, loff_t offset, ulong flags)
 {
@@ -100,3 +101,31 @@ static int null_init(void)
 }
 
 device_initcall(null_init);
+
+static ssize_t prng_read(struct cdev *cdev, void *buf, size_t count, loff_t offset, ulong flags)
+{
+	get_random_bytes(buf, count);
+	return count;
+}
+
+static struct file_operations prngops = {
+	.read  = prng_read,
+	.lseek = dev_lseek_default,
+};
+
+static int prng_init(void)
+{
+	struct cdev *cdev;
+
+	cdev = xzalloc(sizeof (*cdev));
+
+	cdev->name = "prng";
+	cdev->flags = DEVFS_IS_CHARACTER_DEV;
+	cdev->ops = &prngops;
+
+	devfs_create(cdev);
+
+	return 0;
+}
+
+device_initcall(prng_init);
diff --git a/commands/trigger.c b/commands/trigger.c
index 2758ce74e8..0dd3b346fa 100644
--- a/commands/trigger.c
+++ b/commands/trigger.c
@@ -28,59 +28,62 @@
 #define LED_COMMAND_SHOW_INFO		2
 #define	LED_COMMAND_DISABLE_TRIGGER	3
 
-static char *trigger_names[] = {
-	[LED_TRIGGER_PANIC] = "panic",
-	[LED_TRIGGER_HEARTBEAT] = "heartbeat",
-	[LED_TRIGGER_NET_RX] = "net rx",
-	[LED_TRIGGER_NET_TX] = "net tx",
-	[LED_TRIGGER_NET_TXRX] = "net",
-	[LED_TRIGGER_DEFAULT_ON] = "default on",
-};
 
 static int do_trigger(int argc, char *argv[])
 {
-	struct led *led;
-	int i, opt, ret = 0;
+	struct led *led = NULL;
+	int opt, ret = 0;
 	int cmd = LED_COMMAND_SHOW_INFO;
-	unsigned long trigger = 0;
+	enum led_trigger trigger;
+	const char *led_name = NULL;
+	const char *trigger_name = NULL;
 
 	while((opt = getopt(argc, argv, "t:d:")) > 0) {
 		switch(opt) {
 		case 't':
-			trigger = simple_strtoul(optarg, NULL, 0);
+			trigger_name = optarg;
 			cmd = LED_COMMAND_SET_TRIGGER;
 			break;
 		case 'd':
-			trigger = simple_strtoul(optarg, NULL, 0);
+			led_name = optarg;
 			cmd = LED_COMMAND_DISABLE_TRIGGER;
 		}
 	}
 
+	if (optind < argc)
+		led = led_by_name_or_number(argv[optind]);
+
 	switch (cmd) {
 	case LED_COMMAND_SHOW_INFO:
-		for (i = 0; i < LED_TRIGGER_MAX; i++) {
-			int led = led_get_trigger(i);
-			printf("%d: %s", i, trigger_names[i]);
-			if (led >= 0)
-				printf(" (led %d)", led);
-			printf("\n");
-		}
+		led_triggers_show_info();
 		break;
 
 	case LED_COMMAND_DISABLE_TRIGGER:
-		ret = led_set_trigger(trigger, NULL);
+		led = led_by_name_or_number(led_name);
+		if (!led) {
+			printf("no such led: %s\n", led_name);
+			return 1;
+		}
+
+		led_trigger_disable(led);
 		break;
 
 	case LED_COMMAND_SET_TRIGGER:
 		if (argc - optind != 1)
 			return COMMAND_ERROR_USAGE;
-		led = led_by_name_or_number(argv[optind]);
 
+		led = led_by_name_or_number(argv[optind]);
 		if (!led) {
 			printf("no such led: %s\n", argv[optind]);
 			return 1;
 		}
 
+		trigger = trigger_by_name(trigger_name);
+		if (trigger == LED_TRIGGER_INVALID) {
+			printf("no such trigger: %s\n", trigger_name);
+			return 1;
+		}
+
 		ret = led_set_trigger(trigger, led);
 		break;
 	}
@@ -92,16 +95,17 @@ static int do_trigger(int argc, char *argv[])
 
 BAREBOX_CMD_HELP_START(trigger)
 BAREBOX_CMD_HELP_TEXT("Control a LED trigger. Without options assigned triggers are shown.")
+BAREBOX_CMD_HELP_TEXT("triggers are given with their name, LEDs are given with their name or number")
 BAREBOX_CMD_HELP_TEXT("")
 BAREBOX_CMD_HELP_TEXT("Options:")
-BAREBOX_CMD_HELP_OPT ("-t",  "set a trigger (needs LED argument)")
-BAREBOX_CMD_HELP_OPT ("-d",  "disable a trigger")
+BAREBOX_CMD_HELP_OPT ("-t <trigger> <led>",  "set a trigger")
+BAREBOX_CMD_HELP_OPT ("-d <led>",  "disable a trigger")
 BAREBOX_CMD_HELP_END
 
 BAREBOX_CMD_START(trigger)
 	.cmd		= do_trigger,
 	BAREBOX_CMD_DESC("handle LED triggers")
-	BAREBOX_CMD_OPTS("[-td] TRIGGER [LED]")
+	BAREBOX_CMD_OPTS("[-td] [LED]")
 	BAREBOX_CMD_GROUP(CMD_GRP_HWMANIP)
 	BAREBOX_CMD_HELP(cmd_trigger_help)
 BAREBOX_CMD_END
diff --git a/commands/usbgadget.c b/commands/usbgadget.c
index 314884aee8..02c2c96b02 100644
--- a/commands/usbgadget.c
+++ b/commands/usbgadget.c
@@ -20,6 +20,7 @@
  */
 #include <common.h>
 #include <command.h>
+#include <environment.h>
 #include <errno.h>
 #include <malloc.h>
 #include <getopt.h>
@@ -32,11 +33,11 @@
 static int do_usbgadget(int argc, char *argv[])
 {
 	int opt, ret;
-	int acm = 1, create_serial = 0;
-	char *fastboot_opts = NULL, *dfu_opts = NULL;
+	int acm = 1, create_serial = 0, fastboot_set = 0;
+	const char *fastboot_opts = NULL, *dfu_opts = NULL;
 	struct f_multi_opts *opts;
 
-	while ((opt = getopt(argc, argv, "asdA:D:")) > 0) {
+	while ((opt = getopt(argc, argv, "asdA::D:")) > 0) {
 		switch (opt) {
 		case 'a':
 			acm = 1;
@@ -51,6 +52,7 @@ static int do_usbgadget(int argc, char *argv[])
 			break;
 		case 'A':
 			fastboot_opts = optarg;
+			fastboot_set = 1;
 			break;
 		case 'd':
 			usb_multi_unregister();
@@ -60,6 +62,9 @@ static int do_usbgadget(int argc, char *argv[])
 		}
 	}
 
+	if (fastboot_set && !fastboot_opts)
+		fastboot_opts = getenv("global.usbgadget.fastboot_function");
+
 	if (!dfu_opts && !fastboot_opts && !create_serial)
 		return COMMAND_ERROR_USAGE;