All STM32MP1 DTs already include their respective barebox SoC header, so
set barebox,restart-warm-bootrom there, so users can portably run:
tamp.reboot_mode.next=serial reset -w
To get into DFU mode.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20221017071000.1458292-9-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
We currently support reboot mode communication with BootROMs of the
i.MX6Q/DL, i.MX8MM and STM32MP15x. For each of these, the user must
take care to use the correct reset as the highest priority reset often
clears the non-volatile register mapped by the syscon holding the reboot
mode. As we only have one BootROM, we can improve usability by adding a
global flag that describes whether a restart handler is suitable for
use after a bootrom reboot mode write. Add a flag bit describing this
and allow populating it from the device tree as well as from drivers.
Existing i.MX/STM32 drivers will be moved onto this in follow-up
commits.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20221017071000.1458292-4-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
The restart-priority OF property is parsed for a number of MFDs, but
there is no reason really not to parse it for every restart handler that
has a device tree node like we already do for watchdogs.
Add a new struct restart_handler::of_node field and look into it if
populated. With this, of_get_restart_priority is no longer used, so drop it.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20221017071000.1458292-3-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
Code may fail to compile depending on include order. Fix this.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20221017071000.1458292-2-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
These can be called from barebox PBL when booted from USB to continue
USB boot. This isn't necessary in the general case when RAM setup is
done via DCD, but for cases where setup is done in PBL, these helpers
come in handy. Tested on i.MX7D revision 1.2.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20221017071036.1458761-1-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
When multiple PBL entry points are built as part of a multi-image build,
the link process will be conducted multiple times, each with a different
entry point and then linker garbage collection will take care to remove
any unreferenced sections. Sometimes, we want to keep sections around,
even if they are unreferenced in code, because the linker will place
them at a location, where they can fulfill their purpose without being
referenced explicitly.
Examples are the barebox IMD entries, which attach image meta-data to
barebox or the stack setup prologue which is inserted at the start of
the image to work around lack of __attribute__((naked)) support on
ARM64.
So far, these sections were kept around by either a call to an external
function, which worked because we don't employ LTO or via
barrier_data(ptr), which in its <linux/compiler-gcc.h> implementation
generates a load from the supplied ptr. Improve readability, by defining
a new __keep_symbolref() that describes what it is supposed to do and
does just that: Keep a symbol reference alive as long as the code
surrounding it is not eliminated as dead code.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20221024065716.1215046-5-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
Every other function in reset.h has a corresponding stub that is used
when the option RESET_CONTROLLER is disabled in config. This allows for
code that uses this function to still be compilable even when the reset
controller subsystem is disabled.
Signed-off-by: Denis Orlov <denorl2009@gmail.com>
Reviewed-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20221031073429.1656245-1-denorl2009@gmail.com
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
This introduces runtime_address(__linker_defined_symbol) as an
alternative to error-prone __linker_defined_symbol +
get_runtime_offset()/global_variable_offset().
While most code is better served by doing a
relocate_to_current_adr(); setup_c();
and jumping to a noinline function for anything remotely complicated,
we can't do that always:
- In relocation code, PBL uncompressing preparatory code, we _must_
access linker defined symbols before relocation unless we
reimplement them in assembly.
- I believe GCC doesn't guarantee that an external object referenced
in a noinline function has its address computed in the same
function. Compiler may see occasion to pc-relative read e.g. two
addresses located after function return into registers, believing
that relocation must have happened before C code first runs.
We then do the relocation, but the addresses are never touched
again, so we dereference an unrelocated address later on.
For these situations we introduce a new runtime_address() macro that
hides behind assembly the origin of the address it returns and so the
compiler can not assume that it may move it around across calls to
functions like relocate_to_current_adr() or the relocation loop in
relocate_to_current_adr() itself.
This has one major shortcoming that exists with the opencoded
addition as well: Compiler will generate PC-relative access to data
defined in the same translation unit, so we end up adding the offset
twice. We employ some GCC builtin magic to catch most of this at
compile-time. If we just did RELOC_HIDE() with a cast, we may lull
board code authors into false security when they use it for non
linker defined symbols.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20221020131510.3734338-2-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
Plus has lots of peripherals that need be disabled, depending on fusebox
settings. Some of these are already described in the upstream device tree,
so reference them in the barebox DT and add the necessary glue for
disabling them like we already do on i.MX8MM/N.
We omit CPU fusing for now. These are handled by tester3 and would need
a bit more rework.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20221017134929.622022-4-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
All constants should have unique values. Fix a typo that violated this.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20221017134929.622022-2-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
When iterating over a directory, it can be useful to put back the just
read directory entry, so it can be retried at a later time. This will be
needed for the EFI loader variable support.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20221010061437.2085412-4-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
So far we only bring up network interfaces when we actually need them.
This means we could be idling in the shell for long and once the user
decides to do networking he has to wait for the link to be established.
We can do better: Before going interactive bring up all known network
interfaces which makes the links established when the user needs them.
To implement this we have to rework carrier checking a bit, because
otherwise barebox would wait for the links to be established before
continuing.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
We didn't care much for broken-cd so far, still we have some drivers
implementing the card_present callback, which we should ignore when
card-detect is marked broken.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20220930153317.731088-1-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
We already have get_crypto_bytes to get access to hardware generated
randomness. barebox as EFI loader would provide a handle for each HWRNG,
so add a hwrng_get_crypto_bytes function that can be used to implement
the load-side protocol.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20221010061122.2084009-9-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
We have a separate linker script for each architecture and one more for
PBL if supported. All linker scripts include <asm-generic/barebox.lds.h>.
In future, we may want to use a linker script common to more than one
architecture. Prepare for this by having each architecture define a
<asm/barebox.lds.h>. Currently, these files contain little more than
1-2 #include directives, but this will change in later commits.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20221010061122.2084009-6-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
cdev->dev being NULL is normal for virtual device files like /dev/null,
but can trip developers over. Ensure dev_name(cdev->dev) returns NULL
instead of crashing for more robustness.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20221010061122.2084009-5-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
With all errno_str() instances removed in a previous commit, we can drop
the now unused definition. New code should use
printf("message: %m\n");
instead of
printf("message: %s\n", errno_str());
or just use strerror(...) directly.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20221010061122.2084009-4-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
Having a non-const cdev parameter for cdev_get_block_device() limits its
use as a user may want to just read struct block_device members without
change. Allow this by changing parameter to be pointer to const instead.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20221010061122.2084009-2-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
panic() will format a panic message, turn on a panic LED, dump a
stack trace and finally either restart the system or print a
message to ask the user to restart the system before hanging.
When relocation fails, all of these aren't possible, so instead of
devolving into undefined behavior, fall directly into an infinite loop.
Motivation for this change is to avoid linking printf code when its
only usage is the relocation error case.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20220930154247.756577-2-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
The panic declaration in <linux/kernel.h> is out of place and unexpected
as it's not a Linux kernel. printf() and printk() are defined in
<printk.h>, so move it there too. Most files making use of panic(), pull
it in via <common.h>, so we only need to adjust two headers for the
new location.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20220930154247.756577-1-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
This will come in handy when using barebox as EFI loader, so give it a
more generic name and export it.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20220930154053.752237-1-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
EFI loaders provide both block device and file system access to software
running under it. For file system access, we will just want to get a
mount if available and mount at a default location if not. Provide a
helper that does just that.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20220930154017.750867-1-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
For symmetry with SIZE_MAX, which we already define, define SIZE_MAX as
well. Definition taken from Linux.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20220930153819.744833-1-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
Some USB mass storage devices can take a comparatively long time after
vbus is applied until they can be enumerated. Board code can reissue
usb_rescan() to retry enumeration at a later time. It's useful for
board code to check whether any new devices have been detected by a
usb_rescan() call. To facilitate this, have usb_rescan() return the
number of devices found in addition to printing it to the log.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20220929100502.895553-1-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
On some boards, some partitions exposed to fastboot may become
unavailable under certain circumstances, e.g. if an SD-Card exposed to
fastboot is removed.
Previously, this led to an error and the fastboot gadget did not
initialize the remaining partitions exposed via fastboot, e.g. an
eMMC which usually is permanently soldered on the board.
This patch allows appending an optional flag 'o' to the description of a
fastboot partition. If this partition is unavailable at the
initialization of the fastboot gadget, said partition is skipped, while
the remaining available partitions are still exposed.
Signed-off-by: Johannes Zink <j.zink@pengutronix.de>
Link: https://lore.barebox.org/20220922132410.2653284-1-j.zink@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
Add function to get device/driver probe state.
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
Link: https://lore.barebox.org/20220926081740.76968-2-o.rempel@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
On the MDIO bus we can have PHYs and some other type of devices.
Typical not_PHY MDIO devices do not have an easily detectable ID and can't be
used as-is by the PHY framework. So, add additional handler to register
MDIO devices and drivers alongside with the PHY devices/drivers.
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
Link: https://lore.barebox.org/20220920125533.2497108-2-o.rempel@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
SMI0 is a mangled version of MDIO. The main low level difference is
the MDIO C22 OP code is always 0, not 0x2 or 0x1 for Read/Write. The
read/write information is instead encoded in the PHY address.
Extend the bit-bang code to allow the op code to be overridden, but
default to normal C22 values. Add an extra compatible to the mdio-gpio
driver, and when this compatible is present, set the op codes to 0.
A higher level driver, sitting on top of the basic MDIO bus driver can
then implement the rest of the microchip SMI0 oddities.
This code was ported from the kernel v6.0-rc2.
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
Link: https://lore.barebox.org/20220920125533.2497108-1-o.rempel@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
This adds a barebox update handler for i.MX7 NAND.
Signed-off-by: Johannes Zink <j.zink@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Tested-by: Johannes Zink <j.zink@pengutronix.de> # innocomm S810
Link: https://lore.barebox.org/20220930121553.335796-8-s.hauer@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
The FCB on the i.MX7 is written in BCH62 mode and with randomizer
enabled. This needs special FCB read/write functions. Add them to the
driver.
Signed-off-by: Johannes Zink <j.zink@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Tested-by: Johannes Zink <j.zink@pengutronix.de> # innocomm S810
Link: https://lore.barebox.org/20220930121553.335796-4-s.hauer@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
When running on device-tree enabled systems, barebox as EFI payload may
be passed a device tree via the system table. We've no use for that just
yet, but let's make it available as /efi.dtb.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20221010060842.2083550-5-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
Iterating over the system table is something we do at two places
already, and the third will soon follow. Use the occasion to factor the
loop head into a macro.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20221010060842.2083550-4-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
The EFI_RNG_PROTOCOL_GUID is quite simple and as such was a good first
protocol to implement for the barebox EFI loader support. We don't yet
have a payload-side driver making use of it though, so add that here.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20221010060842.2083550-3-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
Linux coding style is using all caps for constants. Follow this for
enum efi_locate_search_type as well. No functional change.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20221010060842.2083550-2-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
GCC defaults to a one-byte bool on all its platforms, except for IBM RS/6000,
which we will most likely never support. Thus just drop the efi_bool type
we only use at a single place and use bool directly.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20221010060842.2083550-1-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
This was part of a larger series that made it possible to use other
compression algos than LZO for device tree and to use zstd more widely
for barebox and kernel compression. The latter zstd-related parts needed
rework and were not merged, but the zstd update was applied. It in turn
broke the UBIFS zstd support. As we get nothing out of the update
without the not applied commits that need rework anyway, revert this
commit.
This reverts commit b4a9782d4f56333e897dccc35c2c27e2605f6b93.
Reported-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20220929102537.1767458-1-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
Network packets are often DMAed by the network drivers, so allocate
them with dma_alloc() rather than assuming that an arbitrarily chosen
alignment is sufficient.
This fixes network transfers on a Rockchip RK3568 board which
occasionally sent out packets with corrupt data.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
__piggydata_end and __image_end used to be synonyms before the addition
of external firmware. Now that external firmware is located after
__piggydata_end, code using it needs to be revisited.
There's no reason to have code reference __piggydata_end. Either they
want all the rest of the image, so they should use __image_end instead
or they want just the piggy data, in which case they can read the data
size embedded into the piggydata itself.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20220818050447.2072932-4-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
Normally, barebox embeds firmware into the binary referencing it, which
means that device tree blobs, RAM training code and e.g. TF-A for i.MX8M
end up in the prebootloader, while, e.g. Freescale FMan microcode ends
up in barebox proper. The only exception so far was barebox proper:
When only the PBL fits in on-chip SRAM, barebox proper is chainloaded
from the boot medium. To avoid a TOCTOU attack, it's read fully into DRAM
after setup and then a SHA256 is calculated and compared against the
hash embedded in barebox PBL, which in a secure boot system would be
trusted by virtue of the PBL as a whole being verified beforehand by
the BootROM.
Reuse this mechanism to support arbitrary firmware, which is now termed
external firmware. Such firmware is placed beyond the piggydata (barebox
proper) and only offset and hash are included in the prebootloader
image. The new get_builtin_firmware_ext() is used to retrieve this
external firmware after integrity verification with SHA256.
This enables referencing firmware blobs from PBL that would bloat the
size of the PBL beyond what can fit into on-chip SRAM, e.g. very big
OP-TEE binaries. As users of get_builtin_firmware() didn't have to worry
about TOCTOU so far, we panic when a firmware verification fails to
ensure that we never load an OP-TEE that has been modified in-transit.
We can't include the OP-TEE binary in barebox proper, because we need
to install it in EL3, but barebox proper on the i.MX8M runs as BL33
in a lower exception level.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20220818050447.2072932-3-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
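The copy-then-verify ordering this commit message describes, shown next to the racy check-then-reread ordering it avoids, as an added example that is not barebox code. The boot-medium model (`medium_read()`, `medium_reset()`), the loader function names and the sample blobs are constructed for illustration, and a 64-bit FNV-1a digest stands in for SHA256 only to keep the block short.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FW_SIZE 16

/* Constructed sample data: the blob hashed at build time and a modified one. */
static const uint8_t fw_good[FW_SIZE] = "OPTEE-IMAGE-v1.";
static const uint8_t fw_evil[FW_SIZE] = "OPTEE-IMAGE-bad";

/* Hypothetical boot medium: read number tamper_from and all later reads
 * return the modified blob, modelling storage that changes under us. */
static unsigned int medium_reads, tamper_from;

static void medium_reset(unsigned int first_tampered_read)
{
	medium_reads = 0;
	tamper_from = first_tampered_read;
}

static void medium_read(uint8_t *dst, size_t len)
{
	memcpy(dst, medium_reads++ >= tamper_from ? fw_evil : fw_good, len);
}

/* Stand-in digest (64-bit FNV-1a), an assumption to keep the example short.
 * The commit message's mechanism uses SHA256; FNV-1a is not cryptographic. */
static uint64_t digest(const uint8_t *p, size_t len)
{
	uint64_t h = 0xcbf29ce484222325ULL;
	while (len--)
		h = (h ^ *p++) * 0x100000001b3ULL;
	return h;
}

/* Reference digest, as it would be embedded in the verified first stage. */
static uint64_t embedded_digest(void) { return digest(fw_good, FW_SIZE); }

/* Racy ordering: verify one read, then fetch the data again for use.
 * Returns 0 when the check passed; out is what would then be executed. */
static int load_check_then_reread(uint8_t *out)
{
	uint8_t scratch[FW_SIZE];
	medium_read(scratch, FW_SIZE);
	if (digest(scratch, FW_SIZE) != embedded_digest())
		return -1;
	medium_read(out, FW_SIZE);	/* second fetch is never checked */
	return 0;
}

/* Ordering from the commit message: read the blob fully into RAM once,
 * hash that copy, and hand out only that copy. */
static int load_copy_then_verify(uint8_t *out)
{
	medium_read(out, FW_SIZE);
	if (digest(out, FW_SIZE) != embedded_digest()) {
		memset(out, 0, FW_SIZE);	/* the commit message panics here */
		return -1;
	}
	return 0;
}

int main(void)
{
	uint8_t out[FW_SIZE];
	int ret;
	medium_reset(1);	/* medium changes after the first read */
	ret = load_check_then_reread(out);
	printf("check-then-reread: ret=%d tampered=%d\n", ret, !memcmp(out, fw_evil, FW_SIZE));
	medium_reset(1);
	ret = load_copy_then_verify(out);
	printf("copy-then-verify:  ret=%d tampered=%d\n", ret, !memcmp(out, fw_evil, FW_SIZE));
	return 0;
}
```

With the medium changing after the first read, the racy loader reports success while handing back the modified blob; the copy-then-verify loader either returns the bytes it hashed or fails.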
|
There's no downside to always build the digest verification code in PBL
and export pbl_barebox_verify to access it. This allows board code to
use the function for verifying other firmware blobs and
CONFIG_PBL_VERIFY_PIGGY=y will remain to enable the verification at
barebox proper extraction time. Code not using it will have the function
sections garbage collected by the linker, so no functional change.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20220818050447.2072932-2-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|